diff --git a/infra/repository/.terraform.lock.hcl b/infra/repository/.terraform.lock.hcl new file mode 100644 index 00000000..21e3526f --- /dev/null +++ b/infra/repository/.terraform.lock.hcl 
@@ -0,0 +1,74 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/azuread" { + version = "3.1.0" + constraints = "~> 3.0" + hashes = [ + "h1:QY/V8YuAw2phme+ryKEbZ/9B+Xi7SfXAOVr4uBoRqpk=", + "h1:UmSL7MD8ULg/WlRgwisD5lHsjcg9l8AO7AeO0XN96dU=", + "h1:sBGDtSwT8Cz4NLBdR+LPPZW0L7kEIzOyvPDjv31COMw=", + "h1:ukyPZG2fnTkWoeOizY2c5s5OyOKIwNkkNdBtgnK9W60=", + "zh:01b796cf12e93cc811cb15c8465605e75de170802060f9e2fe114835968960dd", + "zh:12005fbffb84467ff1d4ce9317370834d1279743bc201d3db95f36315cdf8157", + "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", + "zh:1daf7d4ade44e69593488c1f6571b4fbdaf01ec41538207de1f12609b3830907", + "zh:386965c0529ed083b94968c25441385378d8643a5748591b221e6d6d3cea4dbc", + "zh:46ede0628c300c6d584135daa93733400b9ce968d8aebb3f925d904b3fcfa781", + "zh:7af453bf5217e1818ca5c2126edb8fe573c85f17a0557415a3bc7ae92a8652f5", + "zh:b6014600409715ca37aa85ddb066698f592b7d104f09c12a68d45c5b00404272", + "zh:bca84d10cd1e805e6d31a888eb6737a96aee14e1b5b919dee73d2a5a8ff85beb", + "zh:bd7d6e6c2a086bafdeeb33d5d4f919a8789ef3acf1a0baf2b8ea43996b96c213", + "zh:e5b7840b1b9d90c3f6be9a59400b7d0580376415a79aa740eba7f97bf35c25ef", + "zh:e94e114b205de36d60bc17a3758f9c4bfc6b01e63be81ae1d9699f9bf9650362", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "4.17.0" + constraints = "~> 4.0" + hashes = [ + "h1:A9F4aUPJXvpJqrcUclos9kFxk0UQ1QeUYQIopm6cqis=", + "h1:VgnUh7PiRa/76P+0NFk8vmrmfLnPT6+tOZ/AP6h4TeQ=", + "h1:gpFgaBSkRTxhavgPAuqQcElHJqmRJ1RpQGr1K0dvVW8=", + "h1:oX1MLXNBA+FtAvA0rqq/ymCC6vXsb5qbs9EK6C9osYo=", + "zh:163b81a3bf29c8f161a1c100a48164b1bd1af434cd564b44596cb71a6c33f03d", + "zh:2996b107d3c05a9db14458b32b6f22f8cde0adb96263196d82d3dc302907a257", + "zh:361abd84b6e73016ebebb9ef9cd14c237d8b1e4500ea75f73243ff0534e5e4fb", + "zh:4872445dcb109fe8bbaba439d3dffaaef849a92645df3f8a854d3a40ac962f68", + 
"zh:61974eb7379acadbceb47b001ae1de2cdefe8cf078a15fff3a6fcc753cd24273", + "zh:75c60ca6e7851fe1d52fe9f5a0ae3d219e300ee5aa63bc8f807e3e0cab569ff0", + "zh:7c79305cff7849e6c5d9d60fe570510f95fb2e2bd5ae801da0281702f21dd779", + "zh:964b7da03f2dc55583cda3c277fef3511824b183a3a88344ae4ff9823af79109", + "zh:cad1593d364eb22b68578a1da4fd4d84749dc81f20e6591b27c6cb1eed9d2072", + "zh:db1a2ca17aae78813e8e0676bb9ef941e1a1e32d9fc6e1b239c24661605a8425", + "zh:e3a65d2f6f5a63cd1beeeb60a23e7e6b7328ebbd46ffe994792aaac6738186c3", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/integrations/github" { + version = "6.5.0" + constraints = "~> 6.0" + hashes = [ + "h1:KN6W+TRczQXMQLAI5Cn/xpvJzq8r+/AQCZaxGURXQ3A=", + "h1:Pd0cxWU/1e78V3pSg5uFzd22OCMOY5g4OOk50np5+c4=", + "h1:ikIBPXI5lx7cV4aqLWYuL+LQnHmf+FybvdpcsfAqK4o=", + "h1:rMuaCjyJo4zR9CKZoB1kCpZ9pZke4rlfd+ea0vCpaVg=", + "zh:3088bfd30c51ebfcb7c8d829465ec7b3c19af684cf1aff1ea1111ad3c6421c11", + "zh:34f9054b0123f9fa7ab8ebc73591d2cf502f1cc75e7594bde42ce799fcac32b6", + "zh:406dc2e63d43a24ac4f1b004e5c60ada3347207ea750bbd51e6199eb7f044f9f", + "zh:43e7b6cb7e5062d9b7b7cf4d23f6ea99fb9605fb014fede62cda307051063c05", + "zh:6a0923ebcc09cb98c488c11582375d2145ba965d1e6f2f69c077be8e1224020b", + "zh:a2331f06b7ed57e83eadb784211067d675826f67cf0ed051c8ab20335d83de9a", + "zh:a3f82213c98319f20438bdb92145ce1b0407cd8b8eec9745c036db10deb3d3a2", + "zh:b4b8db8537d8e6fb3f05ed875726823e1dc6925c479db8749016e71568ebafc4", + "zh:cdcf76f6f6f5c638db540490ab35bb1aacfc27204f1197004da5e950024afc06", + "zh:de36cea60efe2b74cec958f88ec5c39d467ad9443c9c9e311424c3db229c4e78", + "zh:dfb8949edc6722da66c78a19ccb1b81ac855439a28ca3badfdac5c10bbf2190d", + "zh:e1a81734cc81f4f51dd11ca8a62b420f68e72d00835ed54f84d71bd56d19f37f", + "zh:ec0d51640c3e3cf933c73d0ed79ba8b395d1b94fed8117a6438dba872aa5561f", + "zh:ec59b7c420a2358e9750e9c6a8a5ef26ccbb8a2cae417e115e86d63520759ea5", + 
"zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", + ] +} diff --git a/infra/repository/README.md b/infra/repository/README.md new file mode 100644 index 00000000..d197b76c --- /dev/null +++ b/infra/repository/README.md 
@@ -0,0 +1,49 @@
+# IO Auth n Identity Domain - Repository Setup
+
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [azuread](#requirement\_azuread) | ~>3 |
+| [azurerm](#requirement\_azurerm) | ~>4 |
+| [github](#requirement\_github) | ~>6 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azuread](#provider\_azuread) | 3.1.0 |
+| [azurerm](#provider\_azurerm) | 4.17.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [repo](#module\_repo) | pagopa/dx-azure-github-environment-bootstrap/azurerm | ~>0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azuread_group.admins](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
+| [azuread_group.developers](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
+| [azuread_group.externals](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/group) | data source |
+| [azurerm_api_management.apim](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management) | data source |
+| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
+| [azurerm_container_app_environment.runner](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/container_app_environment) | data source |
+| [azurerm_key_vault.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault) | data source |
+| [azurerm_resource_group.dashboards](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_resource_group.external](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
+| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
+| [azurerm_virtual_network.common](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/virtual_network) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+
diff --git a/infra/repository/locals.tf b/infra/repository/locals.tf
new file mode 100644
index 00000000..26370d47
--- /dev/null
+++ b/infra/repository/locals.tf
@@ -0,0 +1,66 @@
+locals {
+ prefix = "io"
+ env_short = "p"
+ location = "italynorth"
+ domain = "auth"
+ instance_number = "01"
+
+ adgroups = {
+ admins_name = "io-p-adgroup-auth-admins"
+ devs_name = "io-p-adgroup-auth-developers"
+ externals_name = "io-p-adgroup-auth-externals"
+ }
+
+ runner = {
+ cae_name = "${local.prefix}-${local.env_short}-itn-github-runner-cae-01"
+ cae_resource_group_name = "${local.prefix}-${local.env_short}-itn-github-runner-rg-01"
+ secret = {
+ kv_name = "${local.prefix}-${local.env_short}-kv-common"
+ kv_resource_group_name = "${local.prefix}-${local.env_short}-rg-common"
+ }
+ }
+
+ apim = {
+ name = "${local.prefix}-${local.env_short}-apim-v2-api"
+ resource_group_name = "${local.prefix}-${local.env_short}-rg-internal"
+ }
+
+ vnet = {
+ name = "${local.prefix}-${local.env_short}-itn-common-vnet-01"
+ resource_group_name = "${local.prefix}-${local.env_short}-itn-common-rg-01"
+ }
+
+ dns = {
+ resource_group_name = "${local.prefix}-${local.env_short}-rg-external"
+ }
+
+ tf_storage_account = {
+ name = "iopitntfst001"
+ resource_group_name = "terraform-state-rg"
+ }
+
+ repository = {
+ name = "io-auth-n-identity-domain"
+ description = "Auth&Identity Monorepo"
+ topics = ["auth", "io"]
+ reviewers_teams = ["io-auth-n-identity-backend", "engineering-team-cloud-eng"]
+ default_branch_name = "main"
+ infra_cd_policy_branches = ["main"]
+ opex_cd_policy_branches = ["main"]
+ app_cd_policy_branches = ["main"]
+ }
+
+ key_vault = {
+ name = "io-p-kv-common"
+ resource_group_name = "io-p-rg-common"
+ }
+
+ tags = {
+ CreatedBy = "Terraform"
+ Environment = "Prod"
+ BusinessUnit = "App IO"
+ ManagementTeam = "IO Autenticazione"
+ Source = "https://github.com/pagopa/io-auth-n-identity-domain/blob/main/infra/repository"
+ CostCenter = "TS000 - Tecnologia e Servizi"
+ }
+}
diff --git a/infra/repository/main.tf b/infra/repository/main.tf
new file mode 100644
index 00000000..6896e2de
--- /dev/null
+++ b/infra/repository/main.tf
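Review bot: `key_vault` and `runner.secret` in this `locals` block resolve to the same vault (`io-p-kv-common` in `io-p-rg-common`), but one is written as literals and the other is derived from `local.prefix`/`local.env_short`, so a prefix or environment change would update one and silently leave the other behind; `adgroups` hardcodes the `io-p` prefix in the same way. Deriving them consistently, e.g. `name = "${local.prefix}-${local.env_short}-kv-common"` and `resource_group_name = "${local.prefix}-${local.env_short}-rg-common"`, or reusing the `local.runner.secret` values, removes the duplication. `tf_storage_account` necessarily repeats the literals of the `backend "azurerm"` block in main.tf, since backend configuration cannot reference locals; a comment such as `# must match the backend "azurerm" block in main.tf` would make that coupling explicit for the next editor.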
@@ -0,0 +1,168 @@
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>4"
+ }
+
+ azuread = {
+ source = "hashicorp/azuread"
+ version = "~>3"
+ }
+
+ github = {
+ source = "integrations/github"
+ version = "~>6"
+ }
+ }
+
+ backend "azurerm" {
+ resource_group_name = "terraform-state-rg"
+ storage_account_name = "iopitntfst001"
+ container_name = "terraform-state"
+ key = "io-auth-n-identity-domain.repository.tfstate"
+ use_azuread_auth = true
+ }
+}
+
+provider "azurerm" {
+ features {}
+ storage_use_azuread = true
+}
+
+provider "github" {
+ owner = "pagopa"
+}
+
+data "azurerm_subscription" "current" {}
+
+data "azurerm_client_config" "current" {}
+
+data "azurerm_container_app_environment" "runner" {
+ name = local.runner.cae_name
+ resource_group_name = local.runner.cae_resource_group_name
+}
+
+data "azurerm_api_management" "apim" {
+ name = local.apim.name
+ resource_group_name = local.apim.resource_group_name
+}
+
+data "azurerm_key_vault" "common" {
+ name = local.key_vault.name
+ resource_group_name = local.key_vault.resource_group_name
+}
+
+data "azurerm_virtual_network" "common" {
+ name = local.vnet.name
+ resource_group_name = local.vnet.resource_group_name
+}
+
+data "azurerm_resource_group" "external" {
+ name = local.dns.resource_group_name
+}
+
+data "azurerm_resource_group" "dashboards" {
+ name = "dashboards"
+}
+
+data "azuread_group" "admins" {
+ display_name = local.adgroups.admins_name
+}
+
+data "azuread_group" "developers" {
+ display_name = local.adgroups.devs_name
+}
+
+data "azuread_group" "externals" {
+ display_name = local.adgroups.externals_name
+}
+
+import {
+ to = module.repo.github_branch_default.main
+ id = "io-auth-n-identity-domain"
+}
+
+import {
+ to = module.repo.github_repository.this
+ id = "io-auth-n-identity-domain"
+}
+
+import {
+ to = module.repo.github_repository_environment.opex_prod_cd
+ id = "io-auth-n-identity-domain:opex-prod-cd"
+}
+
+import {
+ to = module.repo.github_repository_environment.opex_prod_ci
+ id = "io-auth-n-identity-domain:opex-prod-ci"
+}
+
+import {
+ to = module.repo.github_actions_secret.repo_secrets["ARM_TENANT_ID"]
+ id = "io-auth-n-identity-domain/ARM_TENANT_ID"
+}
+
+import {
+ to = module.repo.github_actions_secret.repo_secrets["ARM_SUBSCRIPTION_ID"]
+ id = "io-auth-n-identity-domain/ARM_SUBSCRIPTION_ID"
+}
+
+module "repo" {
+ source = "pagopa/dx-azure-github-environment-bootstrap/azurerm"
+ version = "~>0"
+
+ environment = {
+ prefix = local.prefix
+ env_short = local.env_short
+ location = local.location
+ domain = local.domain
+ instance_number = local.instance_number
+ }
+
+ subscription_id = data.azurerm_subscription.current.id
+ tenant_id = data.azurerm_client_config.current.tenant_id
+
+ entraid_groups = {
+ admins_object_id = data.azuread_group.admins.object_id
+ devs_object_id = data.azuread_group.developers.object_id
+ externals_object_id = data.azuread_group.externals.object_id
+ }
+
+ terraform_storage_account = {
+ name = local.tf_storage_account.name
+ resource_group_name = local.tf_storage_account.resource_group_name
+ }
+
+ repository = {
+ name = local.repository.name
+ description = local.repository.description
+ topics = local.repository.topics
+ reviewers_teams = local.repository.reviewers_teams
+ default_branch_name = local.repository.default_branch_name
+ infra_cd_policy_branches = local.repository.infra_cd_policy_branches
+ opex_cd_policy_branches = local.repository.opex_cd_policy_branches
+ app_cd_policy_branches = local.repository.app_cd_policy_branches
+ }
+
+ github_private_runner = {
+ container_app_environment_id = data.azurerm_container_app_environment.runner.id
+ container_app_environment_location = data.azurerm_container_app_environment.runner.location
+ key_vault = {
+ name = local.runner.secret.kv_name
+ resource_group_name = local.runner.secret.kv_resource_group_name
+ }
+ cpu = 1
+ memory = "2Gi"
+ }
+
+ apim_id = data.azurerm_api_management.apim.id
+ pep_vnet_id = data.azurerm_virtual_network.common.id
+ dns_zone_resource_group_id = data.azurerm_resource_group.external.id
+ opex_resource_group_id = data.azurerm_resource_group.dashboards.id
+ keyvault_common_ids = [
+ data.azurerm_key_vault.common.id
+ ]
+
+ tags = local.tags
+}
diff --git a/infra/repository/tfmodules.lock.json b/infra/repository/tfmodules.lock.json
new file mode 100644
index 00000000..a467362b
--- /dev/null
+++ b/infra/repository/tfmodules.lock.json
@@ -0,0 +1,4 @@
+{ + "repo": "39e0c38ca3bbbcd0c771c87db98066902eba55f48b81a5ca4b37c327668298bc", + "repo.naming_convention": "5b1d21788783dcf33e17a9842f9f7c874c8c5f736c82e70979eb9c8785a74ce4" +}
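Review bot: `module "repo"` is constrained only by `version = "~>0"`, which accepts any 0.x release of `pagopa/dx-azure-github-environment-bootstrap/azurerm`; judging by the `import` blocks this module manages the repository's default branch, deployment environments and Actions secrets, so a floating constraint lets a new registry release change those settings on the next `terraform init` without a reviewed diff (the `.terraform.lock.hcl` added in this commit pins providers, not modules). Pinning to the minor actually applied, `version = "~> 0.<MINOR>"` with the placeholder replaced, keeps module upgrades explicit; `tfmodules.lock.json` records a content hash for the module, but whether anything enforces it depends on tooling not visible here. The six `import` blocks are one-shot: once this commit has been applied they should be removed in a follow-up, and a comment above the first one such as `# one-time import of pre-existing repository resources; remove after first apply` would make that intent clear. Separately, `data "azurerm_resource_group" "dashboards"` hardcodes `name = "dashboards"` while every other data source reads its name from locals.tf; moving it into locals keeps the file's single source of naming.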