diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml
index eece7e2..201ccd1 100644
--- a/roles/product_install/tasks/main.yml
+++ b/roles/product_install/tasks/main.yml
@@ -177,14 +177,22 @@
 - name: download_binary is true so fetch and do all the things
   block:
 
-    # Fetch binary and copy to temp 
     # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian'
+    - name: set basic_auth facts if the secret exists
+      ansible.builtin.set_fact:
+        download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+        download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+      failed_when: false
+      no_log: true
+
+    # Fetch binary and copy to temp 
+    # optionally use basic_auth creds from secrets_manager
     - name: Fetch binary
       ansible.builtin.get_url:
         url: "{{ atl_product_download_url }}"
         dest: "{{ atl_product_temp_download }}"
-        url_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}"
-        url_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') | default(omit) }}"
+        url_password: "{{ download_atlassian_password | default(omit) }}"
+        url_username: "{{ download_atlassian_username | default(omit) }}"
         mode: 0755
         force: false
       register: atl_product_completed