diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 1c36310..d4a249b 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -69,9 +69,15 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
- - name: Save GCP Credentials
- run: |
- echo '${{ secrets.GCP_SA_KEY }}' > ${{ env.CREDENTIALS_FILE }}
+ - name: 🔐 Autenticar com o Google Cloud
+ uses: google-github-actions/auth@v3
+ with:
+ project_id: ${{ vars.GCP_PROJECT_ID }}
+ workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+
+ # - name: Save GCP Credentials
+ # run: |
+ # echo '${{ secrets.GCP_SA_KEY }}' > ${{ env.CREDENTIALS_FILE }}
 - name: Setup Terraform
 uses: hashicorp/setup-terraform@v3
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index c6d6cca..1e78f63 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -69,9 +69,15 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
- - name: Save GCP Credentials
- run: |
- echo '${{ secrets.GCP_SA_KEY }}' > ${{ env.CREDENTIALS_FILE }}
+ - name: 🔐 Autenticar com o Google Cloud
+ uses: google-github-actions/auth@v3
+ with:
+ project_id: ${{ vars.GCP_PROJECT_ID }}
+ workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+
+ # - name: Save GCP Credentials
+ # run: |
+ # echo '${{ secrets.GCP_SA_KEY }}' > ${{ env.CREDENTIALS_FILE }}
 - name: Setup Terraform
 uses: hashicorp/setup-terraform@v3
diff --git a/infra/dev/main.tf b/infra/dev/main.tf
index 230b405..4035cf7 100644
--- a/infra/dev/main.tf
+++ b/infra/dev/main.tf
@@ -13,6 +13,12 @@ module "cloudrun" {
 environment = "development"
 }
+module "cloudiam" {
+ source = "../modules/cloudiam"
+
+ github_repository_name = var.github_repository_name
+}
+
 output "service_url" {
 value = module.cloudrun.service_url
 }
diff --git a/infra/dev/variables.tf b/infra/dev/variables.tf
index 25f8977..ad9994c 100644
--- a/infra/dev/variables.tf
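Review bot: The new auth step needs the job to be allowed to request an OIDC token, and nothing in this hunk grants that; if the workflow's `permissions` block (outside the hunk) does not include `id-token: write`, google-github-actions/auth fails at runtime, so confirm the job carries `permissions:` / `contents: read` / `id-token: write`. The commented-out `Save GCP Credentials` block should be deleted rather than kept as dead code, and once the step is gone the `GCP_SA_KEY` secret and the service-account key behind it should be revoked and removed from the repository so the downloaded-key path cannot be revived. If later steps still read `env.CREDENTIALS_FILE` (not visible here), they now point at a file that is never written. The identical hunk in `.github/workflows/deploy-prod.yml` has the same three points. Since this action now holds the job's cloud identity, consider pinning `google-github-actions/auth` to a full commit SHA instead of the mutable `v3` tag.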
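Review bot: The `cloudiam` module is applied by the same workflow that now authenticates through the provider this module creates, so the first run of the pipeline cannot succeed: the pool and provider only exist after `terraform apply` completes, yet `vars.GCP_WORKLOAD_IDENTITY_PROVIDER` must already point at them for the auth step to pass. Either bootstrap the pool and provider once out of band (or from a separate bootstrap state) and `terraform import` them here, or document that the first apply has to run with other credentials. The module is also instantiated with no environment-specific input in both `infra/dev/main.tf` and `infra/prod/main.tf`; if dev and prod target the same GCP project, both states will try to own the same pool and provider resources.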
+++ b/infra/dev/variables.tf
@@ -13,3 +13,8 @@ variable "image_url" {
 description = "URL da imagem docker"
 type = string
 }
+
+variable "github_repository_name" {
+ description = "The GitHub repository name in the format "
+ type = string
+}
diff --git a/infra/modules/cloudiam/main.tf b/infra/modules/cloudiam/main.tf
new file mode 100644
index 0000000..1416f7c
--- /dev/null
+++ b/infra/modules/cloudiam/main.tf
@@ -0,0 +1,32 @@
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 4.0"
+ }
+ }
+}
+
+resource "google_iam_workload_identity_pool" "github_pool" {
+ display_name = "GitHub Pool"
+ description = "Workload Identity Pool for GitHub Actions"
+ workload_identity_pool_id = "github-pool"
+}
+
+resource "google_iam_workload_identity_pool_provider" "github_provider" {
+ attribute_condition = "attribute.repository == '${var.github_repository_name}'"
+ display_name = "GitHub Provider"
+ description = "Workload Identity Pool Provider for GitHub Actions"
+ workload_identity_pool_id = google_iam_workload_identity_pool.github_pool.workload_identity_pool_id
+ workload_identity_pool_provider_id = "github-provider"
+ attribute_mapping = {
+ "attribute.actor" = "assertion.actor"
+ "attribute.aud" = "assertion.aud"
+ "attribute.repository" = "assertion.repository"
+ "google.subject" = "assertion.sub"
+ }
+
+ oidc {
+ issuer_uri = "https://token.actions.githubusercontent.com"
+ }
+}
diff --git a/infra/modules/cloudiam/variables.tf b/infra/modules/cloudiam/variables.tf
new file mode 100644
index 0000000..05fede0
--- /dev/null
+++ b/infra/modules/cloudiam/variables.tf
@@ -0,0 +1,5 @@
+variable "github_repository_name" {
+ description = "The GitHub repository name in the format "
+ type = string
+ default = "Pos-Grad-Devops/api-restaurant"
+}
diff --git a/infra/prod/main.tf b/infra/prod/main.tf
index 9e33cfe..f53b9a3 100644
--- a/infra/prod/main.tf
+++ b/infra/prod/main.tf
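Review bot: The description of `github_repository_name` is truncated, `"The GitHub repository name in the format "` stops before naming the format, and this value is exactly what the provider's `attribute_condition` in the cloudiam module compares against, so its expected shape is the one thing the description must say. Suggest `description = "GitHub repository trusted by the Workload Identity provider, in the form owner/repo (must equal the token's assertion.repository)"`. The same truncated text appears in `infra/prod/variables.tf` and `infra/modules/cloudiam/variables.tf`. A `validation` block on the module variable that requires the value to match `^[^/]+/[^/]+$` would reject a bare repo name at plan time instead of producing a condition that no token can satisfy.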
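Review bot: `attribute_condition` on `github_provider` pins only `attribute.repository`, so a workflow run on any branch, tag or pull-request ref of that repository can obtain the identity that later applies production infrastructure, and because the mapping exposes neither `assertion.ref` nor `assertion.environment` a consumer cannot tighten this without editing the module. Suggest adding `"attribute.ref" = "assertion.ref"` to `attribute_mapping` and extending the condition (or taking it from a per-environment variable) to require the deploying ref, e.g. `attribute.repository == '${var.github_repository_name}' && attribute.ref == 'refs/heads/main'`. `workload_identity_pool_id` and `workload_identity_pool_provider_id` are hard-coded to `github-pool` and `github-provider`, so the dev and prod root modules collide if they target the same project, and a deleted pool keeps its ID reserved for a soft-delete period before it can be recreated; make both IDs module inputs. Nothing in this file grants the federated principal any IAM role, so unless bindings exist elsewhere the workflow will authenticate successfully and then have no permissions to run Terraform.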
@@ -13,6 +13,12 @@ module "cloudrun" {
 environment = "production"
 }
+module "cloudiam" {
+ source = "../modules/cloudiam"
+
+ github_repository_name = var.github_repository_name
+}
+
 output "service_url" {
 value = module.cloudrun.service_url
 }
diff --git a/infra/prod/variables.tf b/infra/prod/variables.tf
index 25f8977..ad9994c 100644
--- a/infra/prod/variables.tf
+++ b/infra/prod/variables.tf
@@ -13,3 +13,8 @@ variable "image_url" {
 description = "URL da imagem docker"
 type = string
 }
+
+variable "github_repository_name" {
+ description = "The GitHub repository name in the format "
+ type = string
+}