diff --git a/argo-workflows/build.yaml b/argo-workflows/build.yaml index b0bc302..7d071fc 100644 --- a/argo-workflows/build.yaml +++ b/argo-workflows/build.yaml @@ -13,6 +13,13 @@ spec: resources: requests: storage: 128Mi + volumes: + - name: secrets-store + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: azure-keyvault templates: # Main steps sequence @@ -28,6 +35,12 @@ spec: parameters: - name: git-sha value: "{{steps.checkout.outputs.parameters.git-sha}}" + - - name: gitops-commit + template: gitops-commit + arguments: + parameters: + - name: git-sha + value: "{{steps.checkout.outputs.parameters.git-sha}}" # GIT CHECKOUT - name: checkout 
@@ -101,3 +114,53 @@ spec:
         volumeMounts:
           - name: workspace
             mountPath: /workspace
+
+    - name: gitops-commit
+      inputs:
+        parameters:
+          - name: git-sha
+      container:
+        image: alpine/git
+        command: [sh, -c]
+        env:
+          - name: DEPLOY_REPO_URL
+            value: ssh://git@srv22.mikr.us:20343/pikram/user-microservice-deploy.git
+          - name: DEPLOY_REPO_BRANCH
+            value: argo-deploy
+          - name: CI_COMMIT_SHA
+            value: "{{inputs.parameters.git-sha}}"
+        args:
+          - |
+            mkdir -p ~/.ssh
+
+            cp /mnt/secrets/gitea-known-host ~/.ssh/known_hosts
+            chmod 644 ~/.ssh/known_hosts
+
+            cp /mnt/secrets/gitea-deploy-key ~/.ssh/id_rsa
+            chmod 600 ~/.ssh/id_rsa
+
+            git config --global user.name "argo[bot]"
+            git config --global user.email "argo@marcin00.pl"
+
+            git clone --depth 1 --branch $DEPLOY_REPO_BRANCH --single-branch $DEPLOY_REPO_URL repo
+            cd repo
+
+            |
+            awk -v commit="$CI_COMMIT_SHA" '
+              $0 ~ /name:[[:space:]]*api/ { in_api_container = 1; print; next }
+              in_api_container && $0 ~ /^[[:space:]]*image:[[:space:]]*/ {
+                sub(/:[^:[:space:]]+$/, ":" commit)
+                in_api_container = 0
+                print
+                next
+              }
+              { print }
+            ' deploy.yaml > deploy.tmp && mv deploy.tmp deploy.yaml
+
+            git add deploy.yaml
+            'git diff-index --quiet HEAD || git commit -m "Argo: Changed deployed version to $CI_COMMIT_SHA"'
+            git push origin $DEPLOY_REPO_BRANCH
+        volumeMounts:
+          - name: secrets-store
+            mountPath: "/mnt/secrets"
+            readOnly: true
diff --git a/argo-workflows/secret-store.yaml b/argo-workflows/secret-store.yaml
index 09e2502..e68c66a 100644
--- a/argo-workflows/secret-store.yaml
+++ b/argo-workflows/secret-store.yaml
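Review bot: The `git diff-index --quiet HEAD || git commit ...` line near the end of the gitops-commit script is wrapped in single quotes, so sh treats the whole string as a single command name: it fails with "not found", `$CI_COMMIT_SHA` is never expanded inside it, and because the script has no `set -e` the following `git push` still runs with nothing committed. Drop the outer quotes: `git diff-index --quiet HEAD || git commit -m "Argo: Changed deployed version to $CI_COMMIT_SHA"`. As rendered here there is also a line holding a bare `|` between `cd repo` and the `awk` program, which is a shell syntax error that would abort the script before deploy.yaml is rewritten; if that line is really in the file and not a collapse artifact, delete it. Start the script with `set -eu` so a failed clone or awk rewrite stops the step instead of falling through to a push, and consider pinning `alpine/git` to a digest since this container is the one that receives the deploy key.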
@@ -14,12 +14,15 @@ spec:
   parameters:
     usePodIdentity: "false"
     useVMManagedIdentity: "true"
-    userAssignedIdentityID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd" # client_id of the user-assigned managed identity
-    clientID: "0c2780e4-8594-4aab-8f1a-8a19f71924bd" # client_id of the user-assigned managed identity
+    userAssignedIdentityID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
+    clientID: "f91aef65-7d2a-4df8-a884-e33b05d54a31" # client_id of the user-assigned managed identity
     keyvaultName: "dev-aks"
     objects: |
       array:
         - |
-          objectName: acr-password
+          objectName: gitea-known-host
+          objectType: secret
+        - |
+          objectName: gitea-deploy-key
           objectType: secret
     tenantID: "f4e3e6f7-d21c-460e-b201-2192174e7f41"
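Review bot: Removing `objectName: acr-password` from `objects` changes what this SecretProviderClass mounts for every pod that references it, not only the new gitops-commit step; if any other template or workflow still reads that object from its mount path, it will now fail at volume mount. If that secret is still needed elsewhere, keep it in the array, or give the Gitea credentials their own SecretProviderClass so the deploy key is not mounted into pods that only need registry access. The two identity parameters now repeat the same client ID with identical comments; a comment saying why both are set here (or dropping the one the provider ignores in VM managed-identity mode, once confirmed) would keep them from drifting apart on the next rotation.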