diff --git a/.gitea/workflows/tf-apply.yml b/.gitea/workflows/tf-apply.yml
index ce98099..5631858 100644
--- a/.gitea/workflows/tf-apply.yml
+++ b/.gitea/workflows/tf-apply.yml
@@ -2,12 +2,18 @@ name: tf-apply
 on:
 workflow_call:
 secrets:
+ gpg-key:
+ required: true
+ type: string
 tf-api-token:
 required: true
+ type: string
 ssh-private-key:
 required: true
+ type: string
 ssh-known-hosts:
 required: true
+ type: string
 jobs:
 tf-plan:
@@ -17,6 +23,20 @@ jobs:
 tfplanexitcode: ${{ steps.tfplan.outputs.exitcode }}
 steps:
+ - name: Clone blackbox repo
+ uses: actions/checkout@v4
+ with:
+ repository: xaked/blackbox
+ path: /tmp/blackbox
+ ref: master
+ - name: Decrypt secrets
+ shell: bash
+ run: |
+ cd /tmp/blackbox || exit 1;
+ make copy-install;
+ echo ${{ secrets.gpg-key }} | base64 -d | gpg --import;
+ cd ${{ github.workspace }};
+ blackbox_decrypt_all_files;
 - uses: hashicorp/setup-terraform@v2
 with:
 terraform_version: 1.5.7
@@ -71,6 +91,20 @@ jobs:
 if: needs.tf-plan.outputs.tfplanexitcode == 2
 steps:
+ - name: Clone blackbox repo
+ uses: actions/checkout@v4
+ with:
+ repository: xaked/blackbox
+ path: /tmp/blackbox
+ ref: master
+ - name: Decrypt secrets
+ shell: bash
+ run: |
+ cd /tmp/blackbox || exit 1;
+ make copy-install;
+ echo ${{ secrets.gpg-key }} | base64 -d | gpg --import;
+ cd ${{ github.workspace }};
+ blackbox_decrypt_all_files;
 - uses: hashicorp/setup-terraform@v2
 with:
 terraform_version: 1.5.7
diff --git a/.gitea/workflows/tf-plan.yml b/.gitea/workflows/tf-plan.yml
index dccdbb3..67d553c 100644
--- a/.gitea/workflows/tf-plan.yml
+++ b/.gitea/workflows/tf-plan.yml
@@ -2,12 +2,18 @@ name: tf-plan
 on:
 workflow_call:
 secrets:
+ gpg-key:
+ required: true
+ type: string
 tf-api-token:
 required: true
+ type: string
 ssh-private-key:
 required: true
+ type: string
 ssh-known-hosts:
 required: true
+ type: string
 jobs:
 tf-plan:
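Review bot: The `type: string` lines added under `on.workflow_call.secrets` in the first hunk of tf-apply.yml are not part of the reusable-workflow secrets schema as GitHub documents it, where a secret takes only `description` and `required`; `type` belongs to `inputs`. Gitea's runner may tolerate the extra key, but it conveys nothing and a stricter parser could reject the workflow. I would drop it and describe the new secret instead, e.g. `description: base64-encoded GPG key imported for blackbox decryption`. The same lines are added in the first hunk of tf-plan.yml.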
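Review bot: In the `Decrypt secrets` step of the tf-plan job (second hunk of tf-apply.yml), `echo ${{ secrets.gpg-key }}` splices the secret into the script text before bash runs, so the key material lands in the generated script file and is subject to word splitting and shell parsing. Pass it through the environment instead: give the step `env:` with `GPG_KEY: ${{ secrets.gpg-key }}` and change the line to `printf '%s' "$GPG_KEY" | base64 -d | gpg --batch --import`. The identical step is added to the apply job in the third hunk and to tf-plan.yml, and needs the same change there.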
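Review bot: `ref: master` on the `xaked/blackbox` checkout (third hunk of tf-apply.yml, apply job) is a moving reference, and the next step runs that repository's `make copy-install` in the same job that then imports the GPG key and decrypts the repository's secrets. Any later change to that branch therefore executes alongside the decrypted material without being reviewed here. Pinning to a reviewed commit, `ref: <full-commit-sha>`, makes a tool update a deliberate change in this repository. The same checkout is added to the tf-plan job in the second hunk and to tf-plan.yml.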
@@ -15,6 +21,20 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+ - name: Clone blackbox repo
+ uses: actions/checkout@v4
+ with:
+ repository: xaked/blackbox
+ path: /tmp/blackbox
+ ref: master
+ - name: Decrypt secrets
+ shell: bash
+ run: |
+ cd /tmp/blackbox || exit 1;
+ make copy-install;
+ echo ${{ secrets.gpg-key }} | base64 -d | gpg --import;
+ cd ${{ github.workspace }};
+ blackbox_decrypt_all_files;
 - uses: hashicorp/setup-terraform@v2
 with:
 terraform_version: 1.5.7
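Review bot: Nothing visible in this hunk removes the plaintext that `blackbox_decrypt_all_files` writes into the workspace, or the key that `gpg --import` adds to the runner user's keyring; the job's remaining steps lie outside the hunk, so this may already be handled there. On a persistent runner both would outlive the job and be readable by whatever runs next on that host. If there is no cleanup, I would add a last step with `if: always()` and `run: blackbox_shred_all_files`, and consider pointing `GNUPGHOME` at a per-job temporary directory for the import. The same applies to both jobs in tf-apply.yml.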