diff --git a/hub/changelog.rst b/hub/changelog.rst
index a8e8dde667..754c199492 100644
--- a/hub/changelog.rst
+++ b/hub/changelog.rst
@@ -1,6 +1,13 @@
 Changelog
 =========
 
+.. _changelog_2025-06-25:
+
+2025-06-25
+----------
+- The ``validation_expression`` :ref:`property <validation_expression>` now supports looking up global secrets.
+  If the secret used in the expression is set on both the system and as a global secret, the system secret takes priority.
+
 .. _changelog_2025-06-17:
 
 2025-06-17
diff --git a/hub/documentation/service-configuration/pipes/configuration-sources-http.rst b/hub/documentation/service-configuration/pipes/configuration-sources-http.rst
index 6909c1f68a..a1bd44f78f 100644
--- a/hub/documentation/service-configuration/pipes/configuration-sources-http.rst
+++ b/hub/documentation/service-configuration/pipes/configuration-sources-http.rst
@@ -150,14 +150,17 @@ Properties
      - 100
      - No
 
+       .. _validation_expression:
    * - ``validation_expression``
      - String
      - This property allows custom request validation for receiver endpoints. This is particularly useful when clients
        cannot use JWT tokens for authentication. The string must be a `Jinja template <https://jinja.palletsprojects.com/en/3.1.x/templates/#tests>`_.
        The Jinja template is rendered for each incoming request. If it renders as an empty string then the request is
        accepted, otherwise the rendered string will be reported as an error in the response. The context allows using
-       the ``secret`` function to access values of secrets. The named variables ``url``, ``request_params`` and
-       ``request_headers`` are available to the template. Example:
+       the ``secret`` function to access values of secrets. System secrets (if the pipe has a system) and global secrets
+       can both be accessed. If the secret used in the expression is set on both the system and as a global secret,
+       the system secret takes priority. If using system secrets, the pipe must have permission to read from that system.
+       The named variables ``url``, ``request_params`` and ``request_headers`` are available to the template. Example:
        ``"{{ '' if request_headers['X-Sesam-Authorization'] == secret('webhook_secret') else 'Invalid authorization header value' }}"``.
 
        Our :ref:`custom Jinja filters <custom_jinja_filters>` can also be used for more advanced validation, such as