diff --git a/.github/workflows/asciinema.yml b/.github/workflows/asciinema.yml
index f554db014..36321b6da 100644
--- a/.github/workflows/asciinema.yml
+++ b/.github/workflows/asciinema.yml
@@ -36,6 +36,7 @@ jobs:
           cat <<EOF > justfile.env
           container_registry=${{ env.container_registry }}
           azure_resource_group=${{ env.azure_resource_group }}
+          default_platform="AKS-CLH-SNP"
           EOF
       - name: Get credentials for CI cluster
         run: |
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index de5983b3c..f01e3e035 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -55,6 +55,7 @@ jobs:
           cat <<EOF > justfile.env
           container_registry=${{ env.container_registry }}
           azure_resource_group=${{ env.azure_resource_group }}
+          default_platform=${{ inputs.platform }}
           EOF
       - if: ${{ !inputs.self-hosted }}
         name: Get credentials for CI cluster
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ba7ad80c7..69ae392a7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -399,6 +399,7 @@ jobs:
           cat <<EOF > justfile.env
           container_registry=${{ env.container_registry }}
           azure_resource_group=${{ env.azure_resource_group }}
+          default_platform=${{ matrix.platform.name }}
           EOF
       - name: Get credentials for CI cluster
         if: ${{ !matrix.platform.self-hosted }}
diff --git a/justfile b/justfile
index 4168c0ec2..4e4569459 100644
--- a/justfile
+++ b/justfile
@@ -286,14 +286,30 @@ wait-for-workload target=default_deploy_target:
         ;;
     esac
 
-# Load the kubeconfig from the running AKS cluster.
-get-credentials:
-    nix run -L .#azure-cli -- aks get-credentials \
-        --resource-group "$azure_resource_group" \
-        --name "$azure_resource_group"
-
-get-credentials-peerpod:
-    nix run -L .#scripts.merge-kube-config -- ./infra/azure-peerpods/kube.conf
+# Load the kubeconfig for the given platform.
+get-credentials platform=default_platform:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    case {{ platform }} in
+        "AKS-CLH-SNP")
+            nix run -L .#azure-cli -- aks get-credentials \
+                --resource-group "$azure_resource_group" \
+                --name "$azure_resource_group"
+        ;;
+        "AKS-PEER-SNP")
+            nix run -L .#scripts.merge-kube-config -- ./infra/azure-peerpods/kube.conf
+            ;;
+        "K3s-QEMU-TDX")
+            nix run -L .#scripts.get-credentials "projects/796962942582/secrets/m50-ganondorf-kubeconf/versions/5"
+        ;;
+        "K3s-QEMU-SNP")
+            nix run -L .#scripts.get-credentials "projects/796962942582/secrets/discovery-kubeconf/versions/2"
+        ;;
+        *)
+            echo "Unsupported platform: {{ platform }}"
+            exit 1
+        ;;
+    esac
 
 # Load the kubeconfig from the CI AKS cluster.
 get-credentials-ci:
@@ -302,13 +318,6 @@ get-credentials-ci:
         --name "contrast-ci" \
         --admin
 
-get-credentials-from-gcloud path:
-    nix run -L .#scripts.get-credentials {{ path }}
-
-get-credentials-tdxbm: (get-credentials-from-gcloud "projects/796962942582/secrets/m50-ganondorf-kubeconf/versions/5")
-
-get-credentials-snpbm: (get-credentials-from-gcloud "projects/796962942582/secrets/discovery-kubeconf/versions/2")
-
 # Destroy a running AKS cluster.
 destroy platform=default_platform:
     #!/usr/bin/env bash