diff --git a/credential-helper/buildkite-connector-credential-helper b/credential-helper/buildkite-connector-credential-helper
index 073b2b6..9f1d413 100755
--- a/credential-helper/buildkite-connector-credential-helper
+++ b/credential-helper/buildkite-connector-credential-helper
@@ -30,9 +30,7 @@ fi
 # OIDC JWT from the agent. The output of this request is in the expected format,
 # so is sent to stdout to be read by git.
 TIMEFORMAT='[token vendor = %2Rs]'
-# support both the old and new default profile name
-# TODO: tidy up this conditional once chinmina profile support is rolled out
-if [[ ${profile} == "default" || ${profile} == "repo:default" ]]; then
+if [[ ${profile} == "repo:default" ]]; then
   path="git-credentials"
 else
   path="organization/git-credentials/${profile}"
diff --git a/hooks/environment b/hooks/environment
index 5fbdc6d..1c75a7a 100755
--- a/hooks/environment
+++ b/hooks/environment
@@ -92,12 +92,10 @@ git_config_add "credential.https://github.com.usehttppath" "true"
 
 # iterate over all provided profiles and configure a credential helper for each one
 for profile in "${profiles[@]}"; do
-  # support both the old and new default profile name
-  # TODO: uncomment the below code once chinmina profile support is rolled out
-  # if [[ "${profile}" != org:* && "${profile}" != repo:* ]]; then
-  #   echo "~~~ :error: Invalid profile: ${profile}. Must start with 'org:' or 'repo:'"
-  #   exit 1
-  # fi
+  if [[ "${profile}" != org:* && "${profile}" != repo:* ]]; then
+    echo "~~~ :warning: Invalid profile: ${profile}. Must start with 'org:' or 'repo:'. Skipping configuration for this profile."
+    continue
+  fi
   git_config_add "credential.https://github.com.helper" "${plugin_root}/credential-helper/buildkite-connector-credential-helper ${chinmina_url} ${audience} ${profile}"
 done
 
diff --git a/tests/environment.bats b/tests/environment.bats
index 885db5c..be1d745 100755
--- a/tests/environment.bats
+++ b/tests/environment.bats
@@ -45,7 +45,7 @@ run_environment() {
   assert_line --partial "Missing required parameter chinmina-url"
 }
 
-@test "Adds config for default audience" {
+@test "Adds config for default audience and profile" {
   export BUILDKITE_PLUGIN_CHINMINA_GIT_CREDENTIALS_CHINMINA_URL=http://test-location
 
   run_environment "${PWD}/hooks/environment"
@@ -55,7 +55,7 @@ run_environment() {
   assert_line "GIT_CONFIG_KEY_0=credential.https://github.com.usehttppath"
   assert_line "GIT_CONFIG_VALUE_0=true"
   assert_line "GIT_CONFIG_KEY_1=credential.https://github.com.helper"
-  assert_line --regexp "GIT_CONFIG_VALUE_1=/.*/credential-helper/buildkite-connector-credential-helper http://test-location chinmina:default"
+  assert_line --regexp "GIT_CONFIG_VALUE_1=/.*/credential-helper/buildkite-connector-credential-helper http://test-location chinmina:default repo:default"
 }
 
 @test "Adds config for non-default audience" {
@@ -72,20 +72,6 @@ run_environment() {
   assert_line --regexp "GIT_CONFIG_VALUE_1=/.*/credential-helper/buildkite-connector-credential-helper http://test-location test-audience"
 }
 
-@test "Adds config for default profile" {
-  export BUILDKITE_PLUGIN_CHINMINA_GIT_CREDENTIALS_CHINMINA_URL=http://test-location
-  export BUILDKITE_PLUGIN_CHINMINA_GIT_CREDENTIALS_AUDIENCE=test-audience
-
-  run_environment "${PWD}/hooks/environment"
-
-  assert_success
-  assert_line "GIT_CONFIG_COUNT=2"
-  assert_line "GIT_CONFIG_KEY_0=credential.https://github.com.usehttppath"
-  assert_line "GIT_CONFIG_VALUE_0=true"
-  assert_line "GIT_CONFIG_KEY_1=credential.https://github.com.helper"
-  assert_line --regexp "GIT_CONFIG_VALUE_1=/.*/credential-helper/buildkite-connector-credential-helper http://test-location test-audience repo:default"
-}
-
 @test "Adds config for non-default profiles" {
   export BUILDKITE_PLUGIN_CHINMINA_GIT_CREDENTIALS_CHINMINA_URL=http://test-location
   export BUILDKITE_PLUGIN_CHINMINA_GIT_CREDENTIALS_AUDIENCE=test-audience
@@ -104,18 +90,22 @@ run_environment() {
   assert_line --regexp "GIT_CONFIG_VALUE_2=/.*/credential-helper/buildkite-connector-credential-helper http://test-location test-audience repo:another-test-profile"
 }
 
-@test "Backwards compatible with old name" {
+@test "Ignores profiles without specified prefixes" {
   export BUILDKITE_PLUGIN_GITHUB_APP_AUTH_VENDOR_URL=http://test-location
   export BUILDKITE_PLUGIN_GITHUB_APP_AUTH_AUDIENCE=test-audience
+  export BUILDKITE_PLUGIN_CHINMINA_GIT_CREDENTIALS_PROFILES_0="invalid-profile-name"
+  export BUILDKITE_PLUGIN_CHINMINA_GIT_CREDENTIALS_PROFILES_1="org:read-packages"
 
   run_environment "${PWD}/hooks/environment"
 
   assert_success
+  assert_line --partial ":warning: Invalid profile"
+
   assert_line "GIT_CONFIG_COUNT=2"
   assert_line "GIT_CONFIG_KEY_0=credential.https://github.com.usehttppath"
   assert_line "GIT_CONFIG_VALUE_0=true"
   assert_line "GIT_CONFIG_KEY_1=credential.https://github.com.helper"
-  assert_line --regexp "GIT_CONFIG_VALUE_1=/.*/credential-helper/buildkite-connector-credential-helper http://test-location test-audience"
+  assert_line --regexp "GIT_CONFIG_VALUE_1=/.*/credential-helper/buildkite-connector-credential-helper http://test-location test-audience org:read-packages"
 }
 
 @test "Adds to existing configuration if present" {