diff --git a/.github/workflows/google-cloudrun-docker.yml b/.github/workflows/google-cloudrun-docker.yml
index 854dccb..fc54fc5 100644
--- a/.github/workflows/google-cloudrun-docker.yml
+++ b/.github/workflows/google-cloudrun-docker.yml
@@ -53,6 +53,8 @@ env:
 GAR_LOCATION: '${{ secrets.GAR_LOCATION }}'
 SERVICE: '${{ secrets.SERVICE_NAME }}'
 REGION: '${{ secrets.REGION }}'
+ SECRET_ID: '${{ secrets.SECRET_ID }}'
+ SECRET_NAME: '${{ secrets.SECRET_NAME }}'
 jobs:
 deploy:
@@ -119,14 +121,24 @@ jobs:
 # allow-unauthenticated: true
 # port: 8080
+ - name: Pull Secrets
+ id: secrets
+ - uses: google-github-actions/secrets@v2.0.0
+ with:
+ secrets: |
+ GEMINI_API_KEY=${{ env.PROJECT_ID }}/projects/${{ env.SECRET_ID }}/secrets/${{ env.SECRET_NAME }}
+
+
 - name: Deploy to Cloud Run
+ id: deploy
 run: |-
 gcloud run deploy ${{ env.SERVICE }} \
 --image="${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.SERVICE }}/${{ env.SERVICE }}:${{ github.sha }}" \
 --region="${{ env.GAR_LOCATION }}" \
 --platform=managed \
- --allow-unauthenticated \
- --port=8080
+ --port=8080 \
+ --env-vars=GEMINI_API_KEY=${{ steps.secrets.outputs.GEMINI_API_KEY }} \
+
 # If required, use the Cloud Run url output in later steps
 - name: Show Output
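Review bot: `SECRET_ID` is undocumented and its name is misleading: the later hunk interpolates it directly after `projects/` in the secret path, so it appears to carry a project rather than a secret identifier. A comment above the two added lines, such as `# SECRET_ID: project that owns the Secret Manager secret; SECRET_NAME: the secret's name (identifiers only, never the secret value)`, or a rename, would prevent a mis-set value. Both entries sit in the workflow-level `env`, so every step of every job receives them, third-party actions included; a step-level `env:` on the steps that need them keeps the scope narrower. The `env:` block starts above this hunk.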
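Review bot: The secret value is expanded straight into the deploy command by `--env-vars=GEMINI_API_KEY=${{ steps.secrets.outputs.GEMINI_API_KEY }}`, which exposes it to shell parsing on the runner and, if accepted, would store it as a plain environment variable readable by anyone who can view the Cloud Run revision configuration. `--env-vars` also does not appear to be a `gcloud run deploy` flag (the documented forms are `--set-env-vars` / `--update-env-vars`). Letting Cloud Run read the secret itself removes the need to pull it into the workflow: `--set-secrets="GEMINI_API_KEY=${{ env.SECRET_NAME }}:latest"`, with the service's runtime service account granted `roles/secretmanager.secretAccessor` on that secret. If the pull step is kept, `- uses:` opens a second list item, so `id: secrets` lands on a step with no `uses` or `run` and `steps.secrets.outputs.GEMINI_API_KEY` will not resolve; `uses` and `with` belong under the `Pull Secrets` item, and the action reference and the `NAME=…` spec should be checked against `google-github-actions/get-secretmanager-secrets` and its `name:project/secret` form. Dropping `--allow-unauthenticated` leaves any existing public invoker binding on an already-deployed service in place, so `--no-allow-unauthenticated` states the intent explicitly; the `steps:` list begins above this hunk.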