diff --git a/.github/workflows/stack-cloud.yaml b/.github/workflows/stack-cloud.yaml
index 5def093..ef2134c 100644
--- a/.github/workflows/stack-cloud.yaml
+++ b/.github/workflows/stack-cloud.yaml
@@ -4,6 +4,9 @@ jobs:
   build-and-test:
     name: Build and Test
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v2
       - uses: haskell-actions/setup@v2
@@ -11,8 +14,15 @@ jobs:
           enable-stack: true
           stack-no-global: true
           stack-version: "3.3.1"
+      - id: auth
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v3
+        with:
+          workload_identity_provider: projects/3367369000/locations/global/workloadIdentityPools/wip-github-yqou/providers/wip-provider-github
+          create_credentials_file: true
+          export_environment_variables: true
       - name: Cache Stack Dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: |
             ~/.stack
@@ -23,12 +33,7 @@ jobs:
             - ${{ runner.os }}-
       - name: Install Dependencies
         run: stack install --only-dependencies --test
-      - run: 'mkdir secrets && echo "$GCP_SA_KEY" > ./secrets/service_account.json'
-        shell: bash
-        env:
-          GCP_SA_KEY: ${{secrets.GCP_SA_KEY}}
       - name: Run Tests
         run: stack test
         env:
           PROJECT_ID: ${{secrets.PROJECT_ID}}
-          GOOGLE_APPLICATION_CREDENTIALS: ./secrets/service_account.json