diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f0050a3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,118 @@
+# Created by https://www.toptal.com/developers/gitignore/api/macos,windows,terraform,visualstudiocode
+# Edit at https://www.toptal.com/developers/gitignore?templates=macos,windows,terraform,visualstudiocode
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.toptal.com/developers/gitignore/api/macos,windows,terraform,visualstudiocode
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..770267c
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,46 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/akeyless-community/akeyless" {
+ version = "1.3.4"
+ constraints = ">= 1.0.0"
+ hashes = [
+ "h1:s8rIv0mLLXHzTGO8cQvO2ZMSEw1PPo3bAq16uK/ZsoU=",
+ "zh:052b03b979276185374e7297aac2b1593f6819b042a57eecf4877d575f98acbd",
+ "zh:0eb6c27995b1646f8dbab722f93676a99e15d801249807acc33216751975a56e",
+ "zh:17fa0ca93b026e8493d8fd60bdc3d73fc863671439dccce239ba9ae89b062fe5",
+ "zh:1d6db1c88bb04dc859c89b9064a759b81432b15b4b44f6b717f99d92861d4cec",
+ "zh:25578c10fee3b3d167f9c3986998f3bfb5390fbf1756c55357b611e322cb090f",
+ "zh:36f0b43b56a94afb7a49d205216d70a41cd5fc98d5d7842b34a88981109f57d5",
+ "zh:6b89abc94320145db24f9fcba40db19c4b2ab9a5a9f80b90107c14037703a173",
+ "zh:7c57ef654dfc3eb439f2709260204f9d1c37f87ae8e49488300ae9d04d3b7e24",
+ "zh:93fcba7fa92770b8439b0dba6b142096a044620ad0ef9602f75f6516259a6791",
+ "zh:a7076650a23a301ea9590cb06048cfe25093d290d0187e1bbc7f5ca9760271e4",
+ "zh:b6477e25ef2db3b70b06ef5a228a4b3b58bb16cbcb0e8e626065895cb5f6a002",
+ "zh:e711a69c5d56de97f7f05a4e9eeb51ab819b6d619d06b88a0e6305b12eb200f0",
+ "zh:eb5df2f583a5b6ca9a0e39bab3c2bdec825b6f02700a52d4fbc1edb81eb6a19e",
+ "zh:f4bed444fea5c41179cd05c20e18e0b82f14234992adf4bff7585e207d5dce3d",
+ ]
+}
+
+provider "registry.terraform.io/integrations/github" {
+ version = "5.32.0"
+ constraints = "~> 5.0"
+ hashes = [
+ "h1:oyUMDKIIoOl+3EoxworAm9z6dqAAzPIXWyMPCBniPNk=",
+ "zh:06a406a6563d0fc73789196316b01f40c2a65fdb3f92d2797c0bd9f9a3ac0b6b",
+ "zh:0981f5ee76d5a8dd8f72c759a7f62e25a5746a7da444df267bd744fa06af96c7",
+ "zh:09eacf97e95990f2ce8b1d8f8372a6e0d234783d8f162a65b83154fd951a35c7",
+ "zh:106ce76c23b5cf7108e35bebf1f7e8de0a50470c1331002e0eb9e09f2774643d",
+ "zh:13d58278002d7e6ebe0af9403b898d1cd6cae47924b2c060f3d6b55f22f348ee",
+ "zh:1f03341962decdae3509900ba54f041bb7dd28c37086762add54765ad035d6bd",
+ "zh:2d9559d2475fceca464332a2c4fa54f2d6e678d5bf2436d5caa04c14c9dacbe7",
+ "zh:3c12c7c1530609f0bad246e33fd306fb928ca6629e817300bbd60e386f6e89bb",
+ "zh:44a8bb19d6428de8ac6619316e9ada44efda541a495b5e338c4421c9c2b4bfdd",
+ "zh:47fae24fea27c9c740b2d8129d6447251d30e09335b06b26b098a1a9e6ecf668",
+ "zh:7b2b41851a7a35792d5bbef4afda53f3b26ad7075887923203a2e144f6c0ec61",
+ "zh:9d8137e0b10bd3cbb1bedd8c8dac3be6e77e02af0a37b2de292cdc59626664d1",
+ "zh:a864c30878fddd475bb96b4eb23aa7fc44cc6d4563109a6e4ff4ff1269f4b590",
+ "zh:bf4f04484151799e5c2a4e1333fa2b53cff0d6a0a489b8798c65bf6cb8719119",
+ ]
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..da5afd9
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,17 @@
+{
+ "terraform.experimentalFeatures.validateOnSave": true,
+ "[terraform]": {
+ "editor.defaultFormatter": "hashicorp.terraform",
+ "editor.formatOnSave": true,
+ "editor.formatOnSaveMode": "file"
+ },
+ "[terraform-vars]": {
+ "editor.defaultFormatter": "hashicorp.terraform",
+ "editor.formatOnSave": true,
+ "editor.formatOnSaveMode": "file"
+ },
+ "cSpell.words": [
+ "azurerm",
+ "jsondecode"
+ ]
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..3c5bc43
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,104 @@
+terraform {
+ required_providers {
+ akeyless = {
+ version = ">= 1.0.0"
+ source = "akeyless-community/akeyless"
+ }
+ github = {
+ source = "integrations/github"
+ version = "~> 5.0"
+ }
+ }
+
+ cloud {
+ organization = "work-demos"
+
+ workspaces {
+ name = "terraform-cloud-gha-secrets"
+ }
+ }
+}
+
+# Configure the Akeyless Provider
+provider "akeyless" {
+ api_gateway_address = "https://api.akeyless.io"
+
+ jwt_login {
+ access_id = var.AKEYLESS_ACCESS_ID
+ jwt = var.AKEYLESS_AUTH_JWT
+ }
+}
+
+# Configure the GitHub Provider
+provider "github" {
+ owner = "akeyless-community"
+ token = var.GITHUB_TOKEN
+}
+
+variable "GITHUB_TOKEN" {
+ type = string
+ description = "GitHub token with repo scope."
+}
+
+variable "AKEYLESS_ACCESS_ID" {
+ type = string
+ description = "Access ID for the JWT Auth Method for Terraform cloud. Provided by Terraform Cloud through a terraform variable added to the workspace."
+}
+
+variable "GITHUB_REPO" {
+ type = string
+ description = "GitHub org/repository full name. Provided by Terraform Cloud through a terraform variable added to the workspace."
+}
+
+variable "AKEYLESS_AUTH_JWT" {
+ type = string
+ description = "Terraform Cloud Workload Identity JWT for authentication into Akeyless. Provided by Terraform Cloud through an agent pool and hooks."
+}
+
+variable "AKEYLESS_DYNAMIC_SECRET_FULL_PATH" {
+ type = string
+ description = "Full path to the azure dynamic secret in Akeyless. Provided by Terraform Cloud through a terraform variable added to the workspace."
+}
+
+data "akeyless_dynamic_secret" "secret" {
+ path = var.AKEYLESS_DYNAMIC_SECRET_FULL_PATH
+}
+
+output "github_repository" {
+ value = var.GITHUB_REPO
+}
+
+output "akeyless_secret" {
+ value = data.akeyless_dynamic_secret.secret.value
+ sensitive = true
+}
+
+output "akeyless_secret_json" {
+ value = jsondecode(jsondecode(data.akeyless_dynamic_secret.secret.value).secret)
+ sensitive = true
+}
+
+resource "github_actions_secret" "subscription_id" {
+ repository = var.GITHUB_REPO
+ secret_name = "ARM_SUBSCRIPTION_ID"
+ plaintext_value = "07f75d77-80cc-46a1-b821-22dc487c154e"
+}
+
+
+resource "github_actions_secret" "tenant_id" {
+ repository = var.GITHUB_REPO
+ secret_name = "ARM_TENANT_ID"
+ plaintext_value = jsondecode(jsondecode(data.akeyless_dynamic_secret.secret.value).secret).tenantId
+}
+
+resource "github_actions_secret" "client_id" {
+ repository = var.GITHUB_REPO
+ secret_name = "ARM_CLIENT_ID"
+ plaintext_value = jsondecode(jsondecode(data.akeyless_dynamic_secret.secret.value).secret).appId
+}
+
+resource "github_actions_secret" "client_secret" {
+ repository = var.GITHUB_REPO
+ secret_name = "ARM_CLIENT_SECRET"
+ plaintext_value = jsondecode(jsondecode(data.akeyless_dynamic_secret.secret.value).secret).secretText
+}
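Review bot: `variable "GITHUB_TOKEN"` and `variable "AKEYLESS_AUTH_JWT"` carry credentials but neither block sets `sensitive = true`, so their values can be echoed in plan output and run logs; add `sensitive = true` to both (and arguably to `AKEYLESS_ACCESS_ID`). The `subscription_id` resource hard-codes an Azure subscription GUID as `plaintext_value`, which ties the configuration to a single environment and commits a tenant-specific identifier to the repository — move it to a `variable "ARM_SUBSCRIPTION_ID"` populated from the workspace, or read it from the same secret payload if that payload carries it. The expression `jsondecode(jsondecode(data.akeyless_dynamic_secret.secret.value).secret)` is repeated in the `akeyless_secret_json` output and in three resources; hoisting it into a `locals` block keeps the four consumers from drifting, as sketched below. Note also that both `sensitive` outputs are still persisted in clear text in the Terraform Cloud state, so keep them only if a downstream consumer genuinely reads them.
```hcl
# Decode the dynamic-secret payload once; every consumer below reads local.azure_sp.
locals {
  azure_sp = jsondecode(jsondecode(data.akeyless_dynamic_secret.secret.value).secret)
}

output "akeyless_secret_json" {
  value     = local.azure_sp
  sensitive = true
}

# … unchanged: github_actions_secret.subscription_id …

resource "github_actions_secret" "tenant_id" {
  repository      = var.GITHUB_REPO
  secret_name     = "ARM_TENANT_ID"
  plaintext_value = local.azure_sp.tenantId
}

# … client_id and client_secret follow the same pattern with local.azure_sp.appId and local.azure_sp.secretText …
```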