diff --git a/cmd/dependabot/internal/cmd/update.go b/cmd/dependabot/internal/cmd/update.go
index cdd494b..8fa2e1e 100644
--- a/cmd/dependabot/internal/cmd/update.go
+++ b/cmd/dependabot/internal/cmd/update.go
@@ -343,7 +343,22 @@ func processInput(input *model.Input, flags *UpdateFlags) {
 				"host": "dev.azure.com",
 			})
 		}
+	}
+
+	// Calculate the credentials-metadata as it cannot be provided by the user anymore.
+	input.Job.CredentialsMetadata = []model.Credential{}
+	for _, credential := range input.Credentials {
+		entry := make(map[string]any)
+		for k, v := range credential {
+			// Updater does not get credentials.
+			if k != "username" && k != "token" && k != "password" && k != "key" && k != "auth-key" {
+				entry[k] = v
+			}
+		}
+		input.Job.CredentialsMetadata = append(input.Job.CredentialsMetadata, entry)
+	}
 
+	if hasLocalAzureToken && azureRepo != nil {
 		// Add the Azure Artifacts credentials for each host if the package manager is supported.
 		if _, ok := azureArtifactsPackageManagerCredentialType[input.Job.PackageManager]; ok {
 			// All Azure Artifacts hosts
@@ -363,19 +378,6 @@ func processInput(input *model.Input, flags *UpdateFlags) {
 			log.Printf("Skipping Azure Artifacts credentials for %s package manager.", input.Job.PackageManager)
 		}
 	}
-
-	// Calculate the credentials-metadata as it cannot be provided by the user anymore.
-	input.Job.CredentialsMetadata = []model.Credential{}
-	for _, credential := range input.Credentials {
-		entry := make(map[string]any)
-		for k, v := range credential {
-			// Updater does not get credentials.
-			if k != "username" && k != "token" && k != "password" && k != "key" && k != "auth-key" {
-				entry[k] = v
-			}
-		}
-		input.Job.CredentialsMetadata = append(input.Job.CredentialsMetadata, entry)
-	}
 }
 
 func doesStdinHaveData() bool {