diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9d3c861b..e1c1887c 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -114,6 +114,9 @@ jobs:
             fi
             echo -e '[epel]\nname=Extra Packages for Enterprise Linux $releasever - $basearch\nmetalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir\nenabled=1\ngpgcheck=1\ngpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8' > /etc/yum.repos.d/epel.repo
             microdnf install --nodocs git-core unzip tar findutils diffutils parallel
+          
+            # remove xargs from RHEL image to keep compatibility with OpenShift GitOps
+            rm -f "$(which xargs)"
           fi
 
       - name: Install zsh
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a3f47b43..ff05de5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [4.6.2] - 2024-10-13
+
 ### Fixes
 - fix: examples in the help of encrypt/decrypt commands
+- fix: remove dependency on `xargs`, since it's not available on OpenShift
 
 ## [4.6.1] - 2024-08-09
 
@@ -328,7 +331,8 @@ Started a fork of https://github.com/zendesk/helm-secrets
 - Verbose output is now on stderr
 - Support all helm sub commands and plugins
 
-[Unreleased]: https://github.com/kroepke/helm-secrets/compare/v4.6.1...HEAD
+[Unreleased]: https://github.com/kroepke/helm-secrets/compare/v4.6.2...HEAD
+[4.6.2]: https://github.com/jkroepke/helm-secrets/compare/v4.6.1...v4.6.2
 [4.6.1]: https://github.com/jkroepke/helm-secrets/compare/v4.6.0...v4.6.1
 [4.6.0]: https://github.com/jkroepke/helm-secrets/compare/v4.5.1...v4.6.0
 [4.5.1]: https://github.com/jkroepke/helm-secrets/compare/v4.5.0...v4.5.1
diff --git a/scripts/commands/helm.sh b/scripts/commands/helm.sh
index 443e4ccc..55ac7766 100644
--- a/scripts/commands/helm.sh
+++ b/scripts/commands/helm.sh
@@ -24,19 +24,25 @@ Typical usage:
 EOF
 }
 
-decrypted_file_list=$(_mktemp)
+decrypted_file_list_dir=$(_mktemp -d)
 
 _trap_hook() {
-    if [ -s "${decrypted_file_list}" ]; then
-        if [ "${QUIET}" = "false" ]; then
-            echo >&2
-            # shellcheck disable=SC2016
-            xargs -0 -n1 sh -c 'rm "$1" && printf "[helm-secrets] Removed: %s\n" "$1"' sh >&2 <"${decrypted_file_list}"
-        else
-            xargs -0 rm >&2 <"${decrypted_file_list}"
-        fi
+    if [ -d "${decrypted_file_list_dir}" ]; then
+        set +f # Enable globbing
+        for file in "${decrypted_file_list_dir}"/*.file; do
+            set -f # Disable globbing
+
+            if [ -e "$file" ]; then # Make sure it isn't an empty match, in case of no files
+                decrypted_file=$(cat "$file")
+                rm -- "$(printf '%s' "$decrypted_file")"
+
+                if [ "${QUIET}" = "false" ]; then
+                    printf "[helm-secrets] Removed: %s\n" "$decrypted_file" >&2
+                fi
+            fi
+        done
 
-        rm "${decrypted_file_list}"
+        rm -rf "${decrypted_file_list_dir}"
     fi
 }
 
@@ -209,7 +215,7 @@ helm_wrapper() {
                     fi
                 else
                     if decrypt_helper "${real_file}" "${sops_type}"; then
-                        printf '%s\0' "${file_dec}" >>"${decrypted_file_list}"
+                        printf '%s' "${file_dec}" >"${decrypted_file_list_dir}/${j}.file"
 
                         if [ "${QUIET}" = "false" ]; then
                             log 'Decrypt: %s' "${file}"