diff --git a/.github/workflows/check-for-dependency-updates.yaml b/.github/workflows/check-for-dependency-updates.yaml
index b003377..a91a7a5 100644
--- a/.github/workflows/check-for-dependency-updates.yaml
+++ b/.github/workflows/check-for-dependency-updates.yaml
@@ -19,6 +19,9 @@ jobs:
 updateVersions:
 name: Update the subcharts
 runs-on: "ubuntu-latest"
+ permissions:
+ contents: write
+ id-token: write
 steps:
 - name: Checkout
 uses: actions/checkout@v2
@@ -66,6 +69,20 @@ jobs:
 echo "changed=true" >> "${GITHUB_OUTPUT}"
 fi

+ - id: get-secrets
+ uses: grafana/shared-workflows/actions/get-vault-secrets@main
+ with:
+ # Secrets placed in the ci/repo/grafana// path in Vault
+ repo_secrets: |
+ APP_ID=github-app:app-id
+ PRIVATE_KEY=github-app:private-key
+
+ - uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ env.APP_ID }}
+ private-key: ${{ env.PRIVATE_KEY }}
+
 - name: Create pull request
 if: steps.update-loki.outputs.changed == 'true' || steps.update-grafana-alloy.outputs.changed == 'true' || steps.update-mimir-distributed.outputs.changed == 'true' || steps.update-tempo-distributed.outputs.changed == 'true' || steps.update-minio.outputs.changed == 'true'
 uses: peter-evans/create-pull-request@v5
@@ -79,10 +96,15 @@ jobs:
 labels: dependencies
 branch: chore/update-dependencies
 delete-branch: true
+ team-reviewers: "@grafana/loki-squad"
+ token: ${{ steps.app-token.outputs.token }}

 updateGrafana:
 name: Update the Grafana version
 runs-on: "ubuntu-latest"
+ permissions:
+ contents: write
+ id-token: write
 steps:
 - name: Checkout
 uses: actions/checkout@v2
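Review bot: `contents: write` on the `updateVersions` job looks broader than the job needs, because the `Create pull request` step is given `token: ${{ steps.app-token.outputs.token }}` and so the branch push and PR creation no longer rely on `GITHUB_TOKEN`. If no other step in the job writes with `GITHUB_TOKEN` (the steps between checkout and the PR step are outside this hunk), `contents: read` together with `id-token: write` should be enough. A short comment above the block, e.g. `# id-token: write is needed for the OIDC login performed by get-secrets`, would record why that permission is present; the OIDC purpose is inferred from the Vault action and should be confirmed. The same applies to the `permissions` block added to `updateGrafana` in the third hunk.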
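Review bot: `grafana/shared-workflows/actions/get-vault-secrets@main` in the second hunk follows a moving branch inside a job that holds `id-token: write` and reads a GitHub App private key, so any later commit to that branch runs with access to both. Pin it to a full commit SHA, `uses: grafana/shared-workflows/actions/get-vault-secrets@<full-commit-sha>  # <ref it corresponds to>`, and consider the same for `actions/create-github-app-token@v1`. Both new steps also run on every execution while `Create pull request` is gated by an `if:`; giving them the same condition avoids fetching the key and minting a token when nothing changed. Since the key is read back from `env.PRIVATE_KEY`, it appears to be exported to the job environment and therefore visible to every later step, including `peter-evans/create-pull-request@v5`; passing it through step outputs, if the action supports that, would narrow the exposure. The fourth hunk adds the same two steps to `updateGrafana`.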
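Review bot: The added `token:` line in the third hunk hands the App installation token to `peter-evans/create-pull-request@v5`, so what that step can do is bounded by the App's own permissions rather than by the job's `permissions:` block, and nothing in the workflow records what those permissions are meant to be. A comment above the line would help, for example `# App token: expects contents:write and pull-requests:write on this repo, plus org members:read for team-reviewers`; the exact list should be confirmed against the App's configuration. Because the action is referenced by a mutable tag, pinning it to a commit SHA would keep the token from reaching code that was not reviewed. The `with:` mapping these lines belong to starts outside the hunk, and the last hunk adds the same two lines to the `updateGrafana` job.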
@@ -98,6 +120,20 @@ jobs:
 echo "changed=true" >> "${GITHUB_OUTPUT}"
 fi

+ - id: get-secrets
+ uses: grafana/shared-workflows/actions/get-vault-secrets@main
+ with:
+ # Secrets placed in the ci/repo/grafana// path in Vault
+ repo_secrets: |
+ APP_ID=github-app:app-id
+ PRIVATE_KEY=github-app:private-key
+
+ - uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ env.APP_ID }}
+ private-key: ${{ env.PRIVATE_KEY }}
+
 - name: Create pull request
 if: steps.update-grafana.outputs.changed == 'true'
 uses: peter-evans/create-pull-request@v5
@@ -111,3 +147,5 @@ jobs:
 labels: dependencies
 branch: chore/update-minio
 delete-branch: true
+ team-reviewers: "@grafana/loki-squad"
+ token: ${{ steps.app-token.outputs.token }}