diff --git a/.github/workflows/opentofu.yml b/.github/workflows/opentofu.yml
index 91f72ff..f7265bc 100644
--- a/.github/workflows/opentofu.yml
+++ b/.github/workflows/opentofu.yml
@@ -10,10 +10,9 @@ on:
 
 permissions:
   contents: read
+  id-token: write
   pull-requests: write
 
 jobs:
   opentofu:
     uses: makeitworkcloud/shared-workflows/.github/workflows/opentofu.yml@main
-    secrets:
-      SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
diff --git a/.sops.yaml b/.sops.yaml
index 8967c45..99901db 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,3 +1,3 @@
 ---
 creation_rules:
-  - age: age152ek83tm4fj5u70r3fecytn4kg7c5xca24erjchxexx4pfqg6das7q763l
+  - kms: arn:aws:kms:us-west-2:332355796717:key/0a45c0f6-71dc-4d54-ab33-9df4de1a9e91
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index bf8f187..5844659 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -11,16 +11,11 @@ github_warp_client_secret: ENC[AES256_GCM,data:/9PdKHBNkCvb+3uaPhkgjQ/d/7uO/BKKu
 #ENC[AES256_GCM,data:NRrIGgCWh0MOpRWx7Cw6wCaZLcOxoCEjXmQ+rwrFfhe2myjGHRA=,iv:EUxsPxSb1dKAMGrLEhipLdvi2ASXVRK7c8MWoHHYIyQ=,tag:ZdPL96rSbeF7JI8i0aABNA==,type:comment]
 warp_private_network: ENC[AES256_GCM,data:GgohATv3bceMezxfesM=,iv:SypBrFaK1DAH5DLca0dodfeV0uZ7pTEh/5WamdFj0u4=,tag:Zv28Trazx45VCLGyCilbmQ==,type:str]
 sops:
-    age:
-        - recipient: age152ek83tm4fj5u70r3fecytn4kg7c5xca24erjchxexx4pfqg6das7q763l
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTQktvS3NPcGRXaGwzc254
-            TGEwMlBkWXZ2dGRtMFdDNmpMdHViVDducER3CmtNY3pnNDkrZ2RnMmZVakx1ZlBU
-            a3l1UUZ1bmlmVHM0eTBqZHZIeG94dEkKLS0tIFlRYU5WeFR3VlViUlFBa0ZCKzFC
-            MTBFY21HTlhGV01tM0pVRGFuc1E5NVUKZE2VS+5cYdHhcSkZlLlX7nvfW3PLuSK7
-            ostSDKZK935LA6iiZoIk7Q9l4xPenhOXv6Oi6uXWq4sJXLAYC2qX1w==
-            -----END AGE ENCRYPTED FILE-----
+    kms:
+        - arn: arn:aws:kms:us-west-2:332355796717:key/0a45c0f6-71dc-4d54-ab33-9df4de1a9e91
+          created_at: "2026-06-19T04:16:51Z"
+          enc: AQICAHj1IggLFhM4nJnKEvmbEpk5E9RxZZoxpZYUW0taoyrz1AEPDTOl9Io3KatXnxPUvKWkAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMyoLVpOVV/XwemMKHAgEQgDuLRRX9BEavxz2UU387cuD/3+lwn3pS+r6CsXI2ho6B+cxR45qHvvoSYg2fi+SXEzo0MgMSdpXhLxlrTw==
+          aws_profile: ""
     lastmodified: "2025-12-28T21:48:14Z"
     mac: ENC[AES256_GCM,data:zYZY9hVSuVwvY8ZmAi+IjgppQxZ76alGESUe2QG3DEiS71uBdOuzZ/4PSMbV95BU8HMmDuFI06BUV8FWSGVM6izWfiQbwWYZmXdAG+wlbIBoKMkO0TuqvD718G6dK5ecPc/8GZxU+dsjWc9hnT7q42ZYw1GjRYY8g3L+9vfNeVs=,iv:M1AGFXYgfkDE3LyVH32M2opv/SYH2phEfHWYl6DeJrY=,tag:HscClM9n5GP9QMU9Ekkt1g==,type:str]
     unencrypted_suffix: _unencrypted