diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c78c3c2..ccbd825 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,3 +16,7 @@ jobs:
 docker compose run --rm -e JWT=${JWT} spider sh -c "npm ci && npm run test"
 env:
 JWT: ${{ secrets.JWT }}
+ # Use mock AWS CloudFront keys, these do not grant permission to anything.
+ AWS_CLOUDFRONT_PRIVATE_KEY: ${{ secrets.TEST_AWS_CLOUDFRONT_PRIVATE_KEY }}
+ AWS_CLOUDFRONT_PUBLIC_KEY: ${{ secrets.TEST_AWS_CLOUDFRONT_PUBLIC_KEY }}
+ AWS_CLOUDFRONT_PUBLIC_KEYS_OBJECT: ${{ secrets.TEST_AWS_CLOUDFRONT_PUBLIC_KEYS_OBJECT }}
diff --git a/deploy/development/secret.tpl.yml b/deploy/development/secret.tpl.yml
index 15688f1..976d5ca 100644
--- a/deploy/development/secret.tpl.yml
+++ b/deploy/development/secret.tpl.yml
@@ -13,6 +13,7 @@ metadata:
 type: Opaque
 data:
 AWS_CLOUDFRONT_PRIVATE_KEY: "${AWS_CLOUDFRONT_PRIVATE_KEY_BASE64}"
+ AWS_CLOUDFRONT_PUBLIC_KEY: "${AWS_CLOUDFRONT_PUBLIC_KEY_BASE64}"
 ---
 apiVersion: v1
 kind: Secret
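Review bot: The three AWS_CLOUDFRONT_* variables added under `env:` in .github/workflows/test.yml are set on the runner step, but the visible `docker compose run` line forwards only `-e JWT=${JWT}` into the `spider` container, so the tests may never see them unless the compose file (not shown) passes them through. If it does not, forward each one explicitly and quoted so a multi-line PEM value survives word splitting, e.g. `-e AWS_CLOUDFRONT_PUBLIC_KEY="${AWS_CLOUDFRONT_PUBLIC_KEY}"`. If this workflow also runs for pull requests from forks, the `secrets.TEST_*` values will be empty there, so the test setup should fail with a clear message instead of signing with an empty key. The step begins outside the hunk.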
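Review bot: In deploy/development/secret.tpl.yml only `AWS_CLOUDFRONT_PUBLIC_KEY` is added to the Secret, while the workflow hunk in this same diff also supplies `AWS_CLOUDFRONT_PUBLIC_KEYS_OBJECT`; if the application reads that variable at runtime it will be unset in the development deployment unless it is provided somewhere not visible here. Values under `data:` must be single-line base64, so whatever renders `${AWS_CLOUDFRONT_PUBLIC_KEY_BASE64}` should encode without line wrapping and abort when the variable is unset rather than apply an empty key. A comment above the new line such as `# base64 of the PEM public key, single line; rendering must fail if unset` would record that. The Secret manifest starts before the hunk.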