diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index c09caa6..c27a8ff 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -1,5 +1,4 @@
-name: Gitea Actions Demo
-run-name: ${{ gitea.actor }} is deploying with Terraform 🚀
+name: Terraform Apply
 
 on:
   push:
@@ -11,20 +10,20 @@ jobs:
     name: "Terraform Apply"
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: read
-      pull-requests: write
-
-    env:
-      TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
-      TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
-      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Create secrets.tfvars
+        working-directory: terraform
+        run: |
+          cat > secrets.auto.tfvars << EOF
+          pm_api_token_id     = "${{ secrets.PM_API_TOKEN_ID }}"
+          pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
+          SSH_KEY_PUBLIC      = "${{ secrets.SSH_KEY_PUBLIC }}"
+          TS_AUTHKEY          = "${{ secrets.TS_AUTHKEY }}"
+          EOF
+
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@v2
         with:
@@ -41,4 +40,3 @@ jobs:
       - name: Terraform Apply
         working-directory: terraform
         run: terraform apply -auto-approve
-
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index 579437e..3247c01 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -1,5 +1,4 @@
-name: Gitea Actions Demo
-run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
+name: Terraform Plan
 
 on:
   push:
@@ -12,20 +11,20 @@ jobs:
     name: "Terraform Plan"
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: read
-      pull-requests: write
-
-    env:
-      TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
-      TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
-      TF_VAR_pm_api_token_id: ${{ secrets.PM_API_TOKEN_ID }}
-      TF_VAR_pm_api_token_secret: ${{ secrets.PM_API_TOKEN_SECRET }}
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Create secrets.tfvars
+        working-directory: terraform
+        run: |
+          cat > secrets.auto.tfvars << EOF
+          pm_api_token_id     = "${{ secrets.PM_API_TOKEN_ID }}"
+          pm_api_token_secret = "${{ secrets.PM_API_TOKEN_SECRET }}"
+          SSH_KEY_PUBLIC      = "${{ secrets.SSH_KEY_PUBLIC }}"
+          TS_AUTHKEY          = "${{ secrets.TS_AUTHKEY }}"
+          EOF
+
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@v2
         with:
@@ -52,4 +51,3 @@ jobs:
         with:
           name: terraform-plan
           path: terraform/tfplan
-