diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 601b67f..8131d81 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -30,6 +30,8 @@ env:
 BRANCH_CD_REPOSITORY: master
 CD_REPOSITORY: CaliberVB/argocd
 ROOT_PATH_CD_REPOSITORY: argocd
+ VAULT_SERVER: https://vault.caliber.build
+
 jobs:
 build-prod:
 runs-on: ubuntu-latest
@@ -53,11 +55,23 @@ jobs:
 exit 1
 fi
+ - name: Import Secrets
+ id: import-secrets
+ uses: hashicorp/vault-action@v2
+ with:
+ url: ${{ env.VAULT_SERVER }}
+ token: ${{ secrets.VAULT_TOKEN }}
+ tlsSkipVerify: true
+ secrets: |
+ /kv-v2/data/sre-data/github ACTION_TOKEN |ACTION_TOKEN;
+ /kv-v2/data/sre-data/github AWS_ACCESS_KEY_ID |AWS_ACCESS_KEY_ID;
+ /kv-v2/data/sre-data/github AWS_SECRET_ACCESS_KEY | AWS_SECRET_ACCESS_KEY;
+
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v1
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
 aws-region: ${{ env.AWS_REGION }}
 - name: Login to Amazon ECR
diff --git a/.github/workflows/migrator.yaml b/.github/workflows/migrator.yaml
index caca5e8..14e1fc2 100644
--- a/.github/workflows/migrator.yaml
+++ b/.github/workflows/migrator.yaml
@@ -28,6 +28,8 @@ env:
 BRANCH_CD_REPOSITORY: master
 CD_REPOSITORY: CaliberVB/argocd
 ROOT_PATH_CD_REPOSITORY: argocd
+ VAULT_SERVER: https://vault.caliber.build
+
 jobs:
 build-prod:
 runs-on: ubuntu-latest
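Review bot: `tlsSkipVerify: true` in the new Import Secrets step of cd.yaml turns off certificate verification on the connection that carries `secrets.VAULT_TOKEN` to Vault and the AWS keys back, so the runner cannot tell the real `vault.caliber.build` from a host impersonating it. Drop the line so the default verification applies; if the Vault certificate comes from a private CA, supply it with `caCertificate: ${{ secrets.VAULT_CA_CERT }}` (secret name is a placeholder) rather than skipping the check. The Import Secrets step in the migrator.yaml hunk at `-51,11 +53,22` carries the same line. The step list of `build-prod` starts before and continues after this hunk.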
@@ -51,11 +53,22 @@ jobs:
 exit 1
 fi
+ - name: Import Secrets
+ id: import-secrets
+ uses: hashicorp/vault-action@v2
+ with:
+ url: ${{ env.VAULT_SERVER }}
+ token: ${{ secrets.VAULT_TOKEN }}
+ tlsSkipVerify: true
+ secrets: |
+ /kv-v2/data/sre-data/github ACTION_TOKEN |ACTION_TOKEN;
+ /kv-v2/data/sre-data/github AWS_ACCESS_KEY_ID |AWS_ACCESS_KEY_ID;
+ /kv-v2/data/sre-data/github AWS_SECRET_ACCESS_KEY | AWS_SECRET_ACCESS_KEY;
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v1
 with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
 aws-region: ${{ env.AWS_REGION }}
 - name: Login to Amazon ECR
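Review bot: `uses: hashicorp/vault-action@v2` pins the action that receives `secrets.VAULT_TOKEN` to a tag that can be moved, so whatever the tag points at on the day of the run gets the token and the fetched AWS keys. Pin it to a full commit SHA with the version kept in a trailing comment, e.g. `uses: hashicorp/vault-action@<full-commit-sha> # v2` (placeholder), and consider the same for `aws-actions/configure-aws-credentials@v1` in the context lines. `ACTION_TOKEN` is requested but not referenced in the visible lines; since vault-action by default exports every requested secret into the environment of later steps, drop it from `secrets:` if nothing further down the job reads it. Both points apply equally to the matching hunk in cd.yaml, and the job's step list runs beyond both ends of this hunk.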