diff --git a/.github/workflows/terraform-apply.yaml b/.github/workflows/terraform-apply.yaml
index 883f57f..14c1cab 100644
--- a/.github/workflows/terraform-apply.yaml
+++ b/.github/workflows/terraform-apply.yaml
@@ -24,7 +24,7 @@ jobs:
 
       - name: gcp auth (tf apply)
         id: auth
-        uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193
+        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
         with:
           workload_identity_provider: projects/546928617664/locations/global/workloadIdentityPools/gha-terraform-checker-pool/providers/gha-terraform-checker-provider
           # Privileged identity, scoped via workload identity to refs/heads/main.
diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml
index bbc694b..f77d869 100644
--- a/.github/workflows/terraform-plan.yaml
+++ b/.github/workflows/terraform-plan.yaml
@@ -19,7 +19,7 @@ jobs:
 
       - name: gcp auth (tf plan)
         id: auth
-        uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193
+        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
         with:
           workload_identity_provider: projects/546928617664/locations/global/workloadIdentityPools/gha-terraform-checker-pool/providers/gha-terraform-checker-provider
           # Read-only identity: plan runs against untrusted PR code and must not