e2b-dev · djeebus · Apr 8, 2026 · Mar 23, 2026 · Mar 23, 2026 · Mar 23, 2026
@@ -4,45 +4,25 @@ inputs:
   environment:
     description: "Target environment for deployment, e.g. staging"
     required: true
-  infisical_client_id:
-    description: "Infisical client ID for accessing secrets"
-    required: true
-  infisical_client_secret:
-    description: "Infisical client secret for accessing secrets"
-    required: true
   install_gcloud:
     description: "Whether to install the gcloud CLI (needed for gsutil/docker auth)"
     required: false
     default: "false"
+  infisical_machine_identity_id:
+    description: "Infisical machine identity ID for accessing secrets"
+    required: true
 
 runs:
   using: "composite"
   steps:
-    - uses: Infisical/secrets-action@v1.0.9
+    - name: Load environment variables from Infisical
+      uses: Infisical/secrets-action@v1.0.15
       with:
-        client-id: ${{ inputs.infisical_client_id }}
-        client-secret: ${{ inputs.infisical_client_secret }}
+        method: "oidc"
+        identity-id: ${{ inputs.infisical_machine_identity_id }}
+        project-slug: "infra-deployment-env"
         env-slug: ${{ inputs.environment }}
-        project-slug: "infra-deployment"
-        export-type: "file"
-        file-output-path: "/.env.infisical"
-
-    - name: Load Environment Variables
-      id: load-env
-      run: |
-        echo ${{ inputs.environment }} > .last_used_env
-        cat .env.infisical | sed "s/='\(.*\)'$/=\1/g" > .env.${{ inputs.environment }}
-
-        # Load environment variables from .env
-        set -a
-        . .env.${{ inputs.environment }}
-        set +a
-
-        echo "GCP_REGION=${GCP_REGION}" >> $GITHUB_ENV
-        echo "GCP_PROJECT_ID=${GCP_PROJECT_ID}" >> $GITHUB_ENV
-        echo "TERRAFORM_STATE_BUCKET=${TERRAFORM_STATE_BUCKET}" >> $GITHUB_ENV
-        echo "GH_WORKLOAD_IDENTITY_PROVIDER=${GH_WORKLOAD_IDENTITY_PROVIDER}" >> $GITHUB_ENV
-      shell: bash
+        export-type: "env"
 
     - name: Setup Service Account
       uses: google-github-actions/auth@v2

@@ -31,6 +31,7 @@ jobs:
   deploy:
     name: Build and upload job to the ${{ inputs.environment }} environment
     runs-on: ci-builder
+    environment: ${{ inputs.environment }}
     permissions:
       contents: read
       id-token: write
@@ -45,9 +46,8 @@ jobs:
         uses: ./.github/actions/deploy-setup
         with:
           environment: ${{ inputs.environment }}
-          infisical_client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
-          infisical_client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
           install_gcloud: "true"
+          infisical_machine_identity_id: ${{ vars.INFISICAL_MACHINE_IDENTITY_ID }}
 
       - name: Set up Docker
         env:

@@ -29,6 +29,7 @@ jobs:
   deploy:
     name: Deploy Infra to the ${{ inputs.environment }} environment
     runs-on: ubuntu-22.04
+    environment: ${{ inputs.environment }}
     permissions:
       contents: read
       id-token: write
@@ -43,9 +44,8 @@ jobs:
         uses: ./.github/actions/deploy-setup
         with:
           environment: ${{ inputs.environment }}
-          infisical_client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
-          infisical_client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
           install_gcloud: "true"
+          infisical_machine_identity_id: ${{ vars.INFISICAL_MACHINE_IDENTITY_ID }}
 
       - name: Run Terraform state migrations
         if: inputs.plan_only == 'false'

@@ -32,6 +32,7 @@ jobs:
   deploy:
     name: Deploy job to the ${{ inputs.environment }} environment
     runs-on: ubuntu-22.04
+    environment: ${{ inputs.environment }}
     permissions:
       contents: read
       id-token: write
@@ -46,8 +47,7 @@ jobs:
         uses: ./.github/actions/deploy-setup
         with:
           environment: ${{ inputs.environment }}
-          infisical_client_id: ${{ secrets.INFISICAL_CLIENT_ID }}
-          infisical_client_secret: ${{ secrets.INFISICAL_CLIENT_SECRET }}
+          infisical_machine_identity_id: ${{ vars.INFISICAL_MACHINE_IDENTITY_ID }}
 
       - name: Run Terraform state migrations
         if: inputs.plan_only == 'false'