diff --git a/api/secret.go b/api/secret.go
index c870a1a7b..86b2c8181 100644
--- a/api/secret.go
+++ b/api/secret.go
@@ -81,6 +81,8 @@ import (
 // CreateSecret represents the API handler to
 // create a secret in the configured backend.
+//
+// nolint: funlen // ignore funlen linter
 func CreateSecret(c *gin.Context) {
 // capture middleware values
 u := user.Retrieve(c)
@@ -129,6 +131,16 @@ func CreateSecret(c *gin.Context) {
 return
 }
+ // reject secrets with solely whitespace characters as its value
+ trimmed := strings.TrimSpace(input.GetValue())
+ if len(trimmed) == 0 {
+ retErr := fmt.Errorf("secret value must contain non-whitespace characters")
+
+ util.HandleError(c, http.StatusBadRequest, retErr)
+
+ return
+ }
+
 // update fields in secret object
 input.SetOrg(o)
 input.SetRepo(n)
@@ -544,6 +556,8 @@ func GetSecret(c *gin.Context) {
 // "$ref": "#/definitions/Error"
 // UpdateSecret updates a secret for the provided secrets service.
+//
+// nolint: funlen // ignore funlen linter
 func UpdateSecret(c *gin.Context) {
 // capture middleware values
 u := user.Retrieve(c)
@@ -595,6 +609,16 @@ func UpdateSecret(c *gin.Context) {
 return
 }
+ // reject secrets with solely whitespace characters as its value
+ trimmed := strings.TrimSpace(input.GetValue())
+ if len(trimmed) == 0 {
+ retErr := fmt.Errorf("secret value must contain non-whitespace characters")
+
+ util.HandleError(c, http.StatusBadRequest, retErr)
+
+ return
+ }
+
 // update secret fields if provided
 input.SetName(s)
 input.SetOrg(o)
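Review bot: The suppression added above CreateSecret, `// nolint: funlen // ignore funlen linter`, is written with a space after the slashes, so it reads as ordinary doc-comment text and will show up in the rendered documentation; the UpdateSecret hunk adds the same line. The directive form `//nolint:funlen // handler validates request fields inline` is treated as a directive rather than documentation, and it gives a reason instead of restating the directive. Both function bodies continue outside their hunks.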
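Review bot: The whitespace check in CreateSecret is repeated line for line in the UpdateSecret hunk, which is likely also what pushes both handlers over the funlen limit. A shared helper such as `func hasSecretValue(v string) bool { return len(strings.TrimSpace(v)) > 0 }` would keep the rule in one place where it can be unit-tested. In the visible lines `trimmed` is never written back, so the value appears to be stored as submitted; the comment could say so, e.g. `// reject whitespace-only values; the stored value is not trimmed`. The error text rightly does not echo the submitted value. CreateSecret's body continues outside the hunk.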
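Review bot: In UpdateSecret this check appears to run on every request, including updates that do not send a value. The comment on the following line says fields are updated "if provided", so if `input.GetValue()` yields an empty string for an omitted value (the getter is not visible here), an update that only changes other fields would now be rejected with a 400. The check should be skipped when no value was supplied, with a comment such as `// only validate the value when the request includes one`. UpdateSecret's body continues outside the hunk.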