diff --git a/.github/workflows/dependencies-project.yml b/.github/workflows/dependencies-project.yml
new file mode 100644
index 0000000..b3c421c
--- /dev/null
+++ b/.github/workflows/dependencies-project.yml
@@ -0,0 +1,11 @@
+name: Add dependencies to Cloud Platform project
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 0 * * *'
+
+jobs:
+ add-dependabot-to-project:
+ uses: ministryofjustice/cloud-platform-github-workflows/.github/workflows/dependencies-project.yml@main
+ secrets: inherit
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index b31fd16..628039d 100644
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -9,7 +9,7 @@ jobs:
 - uses: actions/checkout@v4
 with:
 ref: ${{ github.event.pull_request.head.ref }}
- - uses: terraform-docs/gh-actions@v1.0.0
+ - uses: terraform-docs/gh-actions@v1.2.0
 with:
 working-dir: .
 output-file: README.md
diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml
index d728c27..e77219f 100644
--- a/.github/workflows/unit.yml
+++ b/.github/workflows/unit.yml
@@ -11,7 +11,7 @@ jobs:
 uses: actions/checkout@v4
 - name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v5
 with:
 go-version: 1.21.6
 - name: Run Terratest Unit Tests
@@ -28,7 +28,7 @@ jobs:
 uses: actions/checkout@v4
 - name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v5
 with:
 go-version: 1.21.6
 - name: Run Terratest Unit Tests
diff --git a/README.md b/README.md
index ca48723..a8997f8 100644
--- a/README.md
+++ b/README.md
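Review bot: The reusable workflow called from `add-dependabot-to-project` is referenced by the mutable ref `@main` and receives every secret of this repository through `secrets: inherit`, so any later change on that branch runs on the nightly schedule with the caller's full secret set. Pin the reference to a full commit SHA, `uses: ministryofjustice/cloud-platform-github-workflows/.github/workflows/dependencies-project.yml@<full-commit-sha>`, and replace `secrets: inherit` with a `secrets:` map that names only the secret the called workflow actually reads. The job also declares no `permissions:` block, so the `GITHUB_TOKEN` falls back to the repository default; stating the minimal scope on the job would make the grant explicit and reviewable.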
@@ -4,7 +4,7 @@
 This Terraform module will create an [Amazon Elastic Container Registry](https://aws.amazon.com/ecr/) private repository for use on the Cloud Platform.
-If you're using GitHub as your OIDC provider, this module will automatically create the required variables for authentication in your GitHub repository.
+If you're using GitHub as your OIDC provider, this module will automatically create the required variables for authentication in your GitHub repository. By default these will be created as [repository secrets and variables](https://docs.github.com/en/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository). Alternatively, you can configure the module to instead create the ECR secrets and variables in your own defined [GitHub Environments](https://docs.github.com/en/actions/learn-github-actions/variables#creating-configuration-variables-for-an-environment) with the `github_environments` field. This pattern is useful if you wish to define separate ECR repositories for different Cloud Platform environments within the same GitHub repository.
 If you're using CircleCI as your OIDC provider, this module will create a Kubernetes ConfigMap in your namespace with your authentication variables to use as environment variables in CircleCI.
@@ -76,6 +76,7 @@ No modules.
 | [github_actions_environment_secret.ecr_role_to_assume](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_secret) | resource |
 | [github_actions_environment_variable.ecr_region](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_variable) | resource |
 | [github_actions_environment_variable.ecr_repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_variable) | resource |
+| [github_actions_secret.ecr_registry_url](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
 | [github_actions_secret.ecr_role_to_assume](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
 | [github_actions_variable.ecr_region](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource |
 | [github_actions_variable.ecr_repository](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_variable) | resource |
diff --git a/examples/ecr.tf b/examples/ecr.tf
index beb1951..d56476b 100644
--- a/examples/ecr.tf
+++ b/examples/ecr.tf
@@ -5,7 +5,7 @@
 *
 */
 module "ecr" {
- source = "github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials?ref=6.1.1"
+ source = "github.com/ministryofjustice/cloud-platform-terraform-ecr-credentials?ref=7.0.0"
 # Repository configuration
 repo_name = var.namespace
diff --git a/main.tf b/main.tf
index 68065aa..b219668 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,9 @@
+data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
+
 locals {
+ ecr_registry_url = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com"
+
 # GitHub configuration
 github_repositories = toset([
 for repository in var.github_repositories : {
@@ -32,9 +37,6 @@ locals {
 }
 }
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
-
 # ECR repository
 resource "aws_ecr_repository" "repo" {
 name = "${var.team_name}/${var.repo_name}"
@@ -294,7 +296,7 @@ resource "aws_iam_role_policy_attachment" "github_ecr" {
 # Actions
 resource "github_actions_secret" "ecr_role_to_assume" {
- for_each = local.enable_github ? local.github_repos : []
+ for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []
 repository = each.value
 secret_name = local.github_variable_names["ECR_ROLE_TO_ASSUME"]
@@ -302,15 +304,23 @@ resource "github_actions_secret" "ecr_role_to_assume" {
 }
 resource "github_actions_variable" "ecr_region" {
- for_each = local.enable_github ? local.github_repos : []
+ for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []
 repository = each.value
 variable_name = local.github_variable_names["ECR_REGION"]
 value = data.aws_region.current.name
 }
+resource "github_actions_secret" "ecr_registry_url" {
+ for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []
+
+ repository = each.value
+ secret_name = "ECR_REGISTRY_URL"
+ plaintext_value = local.ecr_registry_url
+}
+
 resource "github_actions_variable" "ecr_repository" {
- for_each = local.enable_github ? local.github_repos : []
+ for_each = (length(var.github_environments) == 0 && local.enable_github) ? local.github_repos : []
 repository = each.value
 variable_name = local.github_variable_names["ECR_REPOSITORY"]
diff --git a/test/go.mod b/test/go.mod
index 94253df..bc1aa21 100644
--- a/test/go.mod
+++ b/test/go.mod
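Review bot: The new `github_actions_secret.ecr_registry_url` hard-codes `secret_name = "ECR_REGISTRY_URL"`, while its three siblings in these hunks take their names from `local.github_variable_names[...]`. If that map applies a per-instance prefix or suffix (its definition is outside this diff), two instances of the module targeting the same GitHub repository would overwrite each other's registry URL secret. Using `secret_name = local.github_variable_names["ECR_REGISTRY_URL"]`, with the key added to the map, would keep the naming consistent. All four repository-level resources are now gated on `length(var.github_environments) == 0`, starting with `ecr_role_to_assume` in the preceding hunk, but no environment-scoped counterpart for the registry URL appears in this diff or in the README resource table, so callers who set `github_environments` would apparently get no `ECR_REGISTRY_URL` at all; worth confirming that is intended.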
@@ -26,7 +26,7 @@ require (
 github.com/googleapis/gax-go/v2 v2.7.1 // indirect
 github.com/hashicorp/errwrap v1.0.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/go-getter v1.7.1 // indirect
+ github.com/hashicorp/go-getter v1.7.4 // indirect
 github.com/hashicorp/go-multierror v1.1.0 // indirect
 github.com/hashicorp/go-safetemp v1.0.0 // indirect
 github.com/hashicorp/go-version v1.6.0 // indirect
@@ -55,6 +55,6 @@ require (
 google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 google.golang.org/grpc v1.56.3 // indirect
- google.golang.org/protobuf v1.31.0 // indirect
+ google.golang.org/protobuf v1.33.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/test/go.sum b/test/go.sum
index 14a8278..dcc31b3 100644
--- a/test/go.sum
+++ b/test/go.sum
@@ -344,8 +344,8 @@ github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/U github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-getter v1.7.1 h1:SWiSWN/42qdpR0MdhaOc/bLR48PLuP1ZQtYLRlM69uY= -github.com/hashicorp/go-getter v1.7.1/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= +github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0= +github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
@@ -948,8 +948,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=