diff --git a/server/routers/policy/setResourcePolicyHeaderAuth.ts b/server/routers/policy/setResourcePolicyHeaderAuth.ts
index 368f9b05e..6dba0b8a7 100644
--- a/server/routers/policy/setResourcePolicyHeaderAuth.ts
+++ b/server/routers/policy/setResourcePolicyHeaderAuth.ts
@@ -76,6 +76,15 @@ export async function setResourcePolicyHeaderAuth(
         const { resourcePolicyId } = parsedParams.data;
         const { headerAuth } = parsedBody.data;
 
+        const headerAuthHash =
+            headerAuth !== null
+                ? await hashPassword(
+                      Buffer.from(
+                          `${headerAuth.user}:${headerAuth.password}`
+                      ).toString("base64")
+                  )
+                : null;
+
         await db.transaction(async (trx) => {
             await trx
                 .delete(resourcePolicyHeaderAuth)
@@ -86,13 +95,7 @@ export async function setResourcePolicyHeaderAuth(
                     )
                 );
 
-            if (headerAuth !== null) {
-                const headerAuthHash = await hashPassword(
-                    Buffer.from(
-                        `${headerAuth.user}:${headerAuth.password}`
-                    ).toString("base64")
-                );
-
+            if (headerAuth !== null && headerAuthHash !== null) {
                 await trx.insert(resourcePolicyHeaderAuth).values({
                     resourcePolicyId,
                     headerAuthHash,
diff --git a/server/routers/resource/setResourceHeaderAuth.ts b/server/routers/resource/setResourceHeaderAuth.ts
index e19d47c3b..6c5ee1788 100644
--- a/server/routers/resource/setResourceHeaderAuth.ts
+++ b/server/routers/resource/setResourceHeaderAuth.ts
@@ -107,6 +107,13 @@ export async function setResourceHeaderAuth(
             resource.resourcePolicyId === null &&
             resource.defaultResourcePolicyId !== null;
 
+        const headerAuthHash =
+            user && password && extendedCompatibility !== null
+                ? await hashPassword(
+                      Buffer.from(`${user}:${password}`).toString("base64")
+                  )
+                : null;
+
         await db.transaction(async (trx) => {
             if (isInlinePolicy) {
                 const policyId = resource.defaultResourcePolicyId!;
@@ -116,11 +123,7 @@ export async function setResourceHeaderAuth(
                         eq(resourcePolicyHeaderAuth.resourcePolicyId, policyId)
                     );
 
-                if (user && password && extendedCompatibility !== null) {
-                    const headerAuthHash = await hashPassword(
-                        Buffer.from(`${user}:${password}`).toString("base64")
-                    );
-
+                if (headerAuthHash !== null && extendedCompatibility !== null) {
                     await trx.insert(resourcePolicyHeaderAuth).values({
                         resourcePolicyId: policyId,
                         headerAuthHash,
@@ -140,11 +143,7 @@ export async function setResourceHeaderAuth(
                         )
                     );
 
-                if (user && password && extendedCompatibility !== null) {
-                    const headerAuthHash = await hashPassword(
-                        Buffer.from(`${user}:${password}`).toString("base64")
-                    );
-
+                if (headerAuthHash !== null && extendedCompatibility !== null) {
                     await Promise.all([
                         trx
                             .insert(resourceHeaderAuth)