diff --git a/.woodpecker/dns.yml b/.woodpecker/dns.yml
index a65d728..3d3cf2f 100644
--- a/.woodpecker/dns.yml
+++ b/.woodpecker/dns.yml
@@ -10,8 +10,8 @@ pipeline:
       - cd dns
       - terraform init
       - terraform validate
-      - terraform plan -var "token=$LINODE_TOKEN"
-    secrets: [linode_token, aws_access_key_id, aws_secret_access_key]
+      - terraform plan -var "token=$LINODE_TOKEN" -var "secret=$GLAUCA_TSIG_SECRET"
+    secrets: [linode_token, aws_access_key_id, aws_secret_access_key, glauca_tsig_secret]
 
   deploy:
     image: alpine:3.16
@@ -25,6 +25,6 @@ pipeline:
       - cd dns
       - terraform init
       - terraform validate
-      - terraform plan -out deploy.plan -var "token=$LINODE_TOKEN"
+      - terraform plan -out deploy.plan -var "token=$LINODE_TOKEN" -var "secret=$GLAUCA_TSIG_SECRET"
       - terraform apply deploy.plan
-    secrets: [linode_token, aws_access_key_id, aws_secret_access_key]
+    secrets: [linode_token, aws_access_key_id, aws_secret_access_key, glauca_tsig_secret]
diff --git a/dns/variables.tf b/dns/variables.tf
index fc5ff33..ecf4913 100644
--- a/dns/variables.tf
+++ b/dns/variables.tf
@@ -1,3 +1,7 @@
 variable "token" {
 	description = "Linode API token"
 }
+
+variable "secret" {
+	description = "TSIG secret"
+}