diff --git a/tools/code-signing-secrets.ts b/tools/code-signing-secrets.ts
index f700140..9c2499f 100644
--- a/tools/code-signing-secrets.ts
+++ b/tools/code-signing-secrets.ts
@@ -1,21 +1,16 @@
 import { ActionsOrganizationSecret } from '@pulumi/github'
 import { Output } from '@pulumi/pulumi'
 
-import identity from '../shared/identity'
 import keyVault from './key-vault'
 
 type Options = {
-  identity: Awaited<ReturnType<typeof identity>>,
   keyVault: Awaited<ReturnType<typeof keyVault>>,
 }
 
 const codeSigningSecretsModule = async ( {
   keyVault,
-  identity: { application, servicePrincipalPassword },
 }: Options ) => ( [
   [ 'url', 'URL', keyVault.properties.vaultUri ],
-  [ 'application-id', 'APPLICATION_ID', application.applicationId ],
-  [ 'client-secret', 'CLIENT_SECRET', servicePrincipalPassword.value ],
   [ 'certificate-name', 'CERTIFICATE_NAME', 'EV-CodeSigning' ],
   [ 'timestamp-url', 'TIMESTAMP_URL', 'http://timestamp.digicert.com' ],
 ] as const ).map( ( [
diff --git a/tools/index.ts b/tools/index.ts
index cbdd0d6..3ea9a2f 100644
--- a/tools/index.ts
+++ b/tools/index.ts
@@ -13,7 +13,7 @@ const stack = async () => {
 
   const keyVault = await keyVaultModule( { azure, identity } )
 
-  await codeSigningSecretsModule( { keyVault, identity } )
+  await codeSigningSecretsModule( { keyVault } )
   await azureSecretsModule( { azure, identity } )
 }