diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 4f20977..b6b29aa 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -10,3 +10,4 @@ jobs:
 uses: ./.github/workflows/helpers-deploy-argo.yaml
 secrets:
 GH_PAT: ${{ secrets.GH_PAT }}
+ ECR_ROLE_ARN: ${{ github.ref == 'refs/heads/production' && secrets.PRODUCTION_ECR_ROLE_ARN || secrets.STAGING_ECR_ROLE_ARN }}
diff --git a/.github/workflows/helpers-deploy-argo.yaml b/.github/workflows/helpers-deploy-argo.yaml
index 26d3194..3a6614b 100644
--- a/.github/workflows/helpers-deploy-argo.yaml
+++ b/.github/workflows/helpers-deploy-argo.yaml
@@ -9,6 +9,9 @@ on:
 GH_PAT:
 description: "The GitHub Personal Access Token to use for checking out the helm-config repository"
 required: true
+ ECR_ROLE_ARN:
+ description: "The AWS role to assume for ECR"
+ required: true
 permissions:
 contents: write
@@ -20,7 +23,7 @@ jobs:
 uses: ./.github/workflows/helpers-build-docker-image.yaml
 name: Build Docker image
 with:
- aws-role-arn: ${{ github.ref == 'refs/heads/production' && vars.PRODUCTION_ECR_ROLE_ARN || vars.STAGING_ECR_ROLE_ARN }}
+ aws-role-arn: ${{ secrets.ECR_ROLE_ARN }}
 docker_file_path: Dockerfile
 update-helm-values:
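Review bot: In `.github/workflows/deploy.yml`, the added `ECR_ROLE_ARN` expression silently falls back to `secrets.STAGING_ECR_ROLE_ARN` when `secrets.PRODUCTION_ECR_ROLE_ARN` is empty or unset, because `a && b || c` yields `c` whenever `b` is falsy; a production run would then continue with the staging role instead of failing. Every ref other than `refs/heads/production` also resolves to the staging role, so the ref check is a selector rather than an access control. If these roles are assumed through GitHub OIDC (not visible in this diff), each role's trust policy should pin the allowed `sub` claim to the intended branch. I would add a comment above the line, `# Selector only: role trust policies must restrict which refs may assume each role`.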
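Review bot: In the last hunk of `.github/workflows/helpers-deploy-argo.yaml`, the new `aws-role-arn: ${{ secrets.ECR_ROLE_ARN }}` sits under `with:` of a job that calls a reusable workflow, and GitHub's documented context availability for `jobs.<job_id>.with` does not include `secrets`, so this is likely to be rejected at workflow validation as an unrecognized named-value. The value would instead have to go through the job's `secrets:` key, e.g. `secrets:` followed by `ECR_ROLE_ARN: ${{ secrets.ECR_ROLE_ARN }}`. That in turn requires `helpers-build-docker-image.yaml` to declare the secret under `on.workflow_call.secrets`, and that file is outside this diff. The job definition continues past the end of the hunk, so an existing `secrets:` block on this job may not be visible here.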