diff --git a/.github/scripts/deploy-registry.sh b/.github/scripts/deploy-registry.sh
deleted file mode 100755
index bac8f03..0000000
--- a/.github/scripts/deploy-registry.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env bash
-set -o pipefail
-set -u
-
-VERBOSE="${VERBOSE:-0}"
-if [[ "${VERBOSE}" -ne "0" ]]; then
- set -x
-fi
-
-# List of required environment variables
-required_vars=(
- "GCLOUD_API_KEY"
- "GCLOUD_PROD_DEPLOY_SECRET"
- "GCLOUD_DEV_DEPLOY_SECRET"
-)
-
-# Check if each required variable is set
-for var in "${required_vars[@]}"; do
- if [[ -z "${!var:-}" ]]; then
- echo "Error: Environment variable '$var' is not set."
- exit 1
- fi
-done
-
-# Trigger a build for dev
-# DONT EVER SET ANY FLAGS THAT MIGHT PRINT THE URL, AS IT HAS SECRETS IN IT
-curl -X POST "https://cloudbuild.googleapis.com/v1/projects/coder-registry-1/triggers/http-build-registry-v2-dev:webhook?key=${GCLOUD_API_KEY}&secret=${GCLOUD_DEV_DEPLOY_SECRET}" \
--H "Content-Type: application/json" \
--d '{}' \
---fail
-
-# Trigger a build for prod
-# DONT EVER SET ANY FLAGS THAT MIGHT PRINT THE URL, AS IT HAS SECRETS IN IT
-curl -X POST "https://cloudbuild.googleapis.com/v1/projects/coder-registry-1/triggers/http-build-registry-v2-trigger:webhook?key=${GCLOUD_API_KEY}&secret=${GCLOUD_PROD_DEPLOY_SECRET}" \
--H "Content-Type: application/json" \
--d '{}' \
---fail
\ No newline at end of file
diff --git a/.github/workflows/deploy-registry.yaml b/.github/workflows/deploy-registry.yaml
index 3132087..fc112c8 100644
--- a/.github/workflows/deploy-registry.yaml
+++ b/.github/workflows/deploy-registry.yaml
@@ -5,9 +5,6 @@ on:
 branches:
 - main
 
- pull_request:
- workflow_dispatch:
-
 jobs:
 deploy:
 runs-on: ubuntu-latest
@@ -15,11 +12,19 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
- - name: Run deploy-registry.sh
+ - name: Authenticate to Google Cloud
+ uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f
+ with:
+ workload_identity_provider: projects/309789351055/locations/global/workloadIdentityPools/github-actions/providers/github
+ service_account: registry-v2-github@coder-registry-1.iam.gserviceaccount.com
+
+ - name: Set up Google Cloud SDK
+ uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a
+
+ # For the time being, let's have the first couple merges to main in modules deploy a new version
+ # to *dev*. Once we review and make sure everything's working, we can deploy a new version to *main*.
+ # Maybe in the future we could automate this based on the result of E2E tests.
+ - name: Deploy to dev.registry.coder.com
 run: |
- ./.github/scripts/deploy-registry.sh
- env:
- GCLOUD_API_KEY: ${{ secrets.GCLOUD_API_KEY }}
- GCLOUD_PROD_DEPLOY_SECRET: ${{ secrets.GCLOUD_PROD_DEPLOY_SECRET }}
- GCLOUD_DEV_DEPLOY_SECRET: ${{ secrets.GCLOUD_DEV_DEPLOY_SECRET }}
+ gcloud builds triggers run 29818181-126d-4f8a-a937-f228b27d3d34 --branch dev
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 6d6f5a2..a2e63be 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,7 @@
 .terraform*
 node_modules
 *.tfstate
-*.tfstate.lock.info
\ No newline at end of file
+*.tfstate.lock.info
+
+# Ignore generated credentials from google-github-actions/auth
+gha-creds-*.json
\ No newline at end of file
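Review bot: The `Authenticate to Google Cloud` step in `.github/workflows/deploy-registry.yaml` relies on workload identity federation, yet no `permissions:` block is visible in either hunk of that file, and `google-github-actions/auth` can only obtain credentials when the job is allowed to request an OIDC token. Unless the block sits in the few lines outside the hunks, add `permissions:` with `contents: read` and `id-token: write` to the `deploy` job, above `steps:` (that line lies between the two hunks). The two Google actions are pinned to full commit SHAs while `actions/checkout@v4` stays on a mutable tag; pinning it the same way, with a trailing `# vX.Y.Z` comment on each pinned `uses:` line, would keep the job that receives cloud credentials reviewable. It is also worth confirming that the provider's attribute condition limits tokens to this repository and the `main` ref, which the diff does not show.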