diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 8a87fae..4487520 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -75,7 +75,7 @@ jobs:
 - name: Create Binary Auth attestation
 run: |
- gcloud beta container binauthz attestations sign-and-create \
+ gcloud beta container binauthz attestations sign-and-create --quiet \
 --artifact-url="${{ env.IMAGE }}@${{ steps.digest.outputs.digest }}" \
 --attestor="projects/${{ env.PROJECT_ID }}/attestors/deploy-attestor" \
 --keyversion="projects/${{ env.PROJECT_ID }}/locations/global/keyRings/binary-auth/cryptoKeys/attestor-key/cryptoKeyVersions/1"
diff --git a/terraform/binary-auth.tf b/terraform/binary-auth.tf
index 38e66a0..3d90bed 100644
--- a/terraform/binary-auth.tf
+++ b/terraform/binary-auth.tf
@@ -1,3 +1,8 @@
+import {
+ to = google_kms_key_ring.binary_auth
+ id = "projects/casecomp-495718/locations/global/keyRings/binary-auth"
+}
+
 resource "google_kms_key_ring" "binary_auth" {
 name = "binary-auth"
 location = "global"
@@ -5,6 +10,11 @@ resource "google_kms_key_ring" "binary_auth" {
 depends_on = [google_project_service.cloudkms]
 }
+import {
+ to = google_kms_crypto_key.attestor_key
+ id = "projects/casecomp-495718/locations/global/keyRings/binary-auth/cryptoKeys/attestor-key"
+}
+
 resource "google_kms_crypto_key" "attestor_key" {
 name = "attestor-key"
 key_ring = google_kms_key_ring.binary_auth.id
@@ -16,6 +26,11 @@ resource "google_kms_crypto_key" "attestor_key" {
 }
 }
+import {
+ to = google_container_analysis_note.deploy_attestor
+ id = "projects/casecomp-495718/notes/deploy-attestor"
+}
+
 resource "google_container_analysis_note" "deploy_attestor" {
 name = "deploy-attestor"
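Review bot: `--quiet` on the sign-and-create line makes gcloud take the default answer to any prompt instead of stopping, so if the prompt it was silencing was a warning about the attestation itself (for instance the attestor not listing the supplied `--keyversion`), the step now proceeds and the resulting attestation may never verify at admission time; confirm which prompt was being hit and prefer a flag or check that fails closed. Because `--keyversion` is pinned to `cryptoKeyVersions/1`, the attestor's configured public key must stay on that same version or signing will succeed while every deployment is rejected. A short comment above the step, such as `# --quiet: non-interactive CI; key version must match the attestor's public_keys id`, would make that coupling visible. The step's surrounding job definition lies outside the hunk.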
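Review bot: The import block hard-codes the project ID `casecomp-495718` into the resource address while the rest of this file derives IDs from resource references, so the file now only works in that one project and the literal has to be edited in every import block to move or reuse it. On recent Terraform versions an import `id` may be an expression that is known at plan time, so `id = "projects/${var.project_id}/locations/global/keyRings/binary-auth"` (or a `local`) keeps a single source of truth alongside the `PROJECT_ID` the workflow already uses. Once the import has been applied these blocks no longer do anything and can be deleted, which is worth noting in a comment such as `# one-time import of the pre-existing key ring; remove after apply`.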
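Review bot: Importing `attestor-key` puts the attestation signing key under Terraform's control, so a later removal or rename of `google_kms_crypto_key.attestor_key` would have Terraform schedule its key versions for destruction, which invalidates every attestation already signed with version 1 and blocks admission of every image currently deployed. If the resource does not already carry it in the lines past this hunk, add `lifecycle { prevent_destroy = true }` to the crypto key so a plan that would destroy it is refused rather than applied. The resource's body continues outside the hunk, so this may already be present; if so a comment pointing at it from the import block would help the next reader.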
@@ -28,6 +43,11 @@ resource "google_container_analysis_note" "deploy_attestor" {
 depends_on = [google_project_service.containeranalysis]
 }
+import {
+ to = google_binary_authorization_attestor.deploy
+ id = "projects/casecomp-495718/attestors/deploy-attestor"
+}
+
 resource "google_binary_authorization_attestor" "deploy" {
 name = "deploy-attestor"
@@ -35,7 +55,17 @@ resource "google_binary_authorization_attestor" "deploy" {
 note_reference = google_container_analysis_note.deploy_attestor.name
 public_keys {
- id = "${google_kms_crypto_key.attestor_key.id}/cryptoKeyVersions/1"
+ id = "//cloudkms.googleapis.com/v1/projects/casecomp-495718/locations/global/keyRings/binary-auth/cryptoKeys/attestor-key/cryptoKeyVersions/1"
+
+ pkix_public_key {
+ public_key_pem = <<-EOT
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEz1M4jt+Io7Na86SpMNZkIG+yUEn+
+7N/9tVN7BfbH2jZ76A1zm02/5qC4oPbk/+i0SFcUuKMUCqkv+tv4hORMzA==
+-----END PUBLIC KEY-----
+EOT
+ signature_algorithm = "ECDSA_P256_SHA256"
+ }
 }
 }
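Review bot: The attestor's public key is now a pasted PEM plus a literal key-version path instead of anything derived from `google_kms_crypto_key.attestor_key`, so the dependency edge the old `id` expression gave Terraform is gone and nothing ties this PEM to the key the workflow actually signs with; when the key rotates or version 1 is retired the attestor keeps trusting stale material while CI signs with something else, and deployments fail admission with no plan-time warning. Fetch the key material from KMS at plan time with a `google_kms_crypto_key_version` data source so `public_key_pem` and `signature_algorithm` track the real key version and the id is rebuilt from the resource reference, as sketched below. The enclosing `google_binary_authorization_attestor.deploy` resource and its `attestation_authority_note` block open outside this hunk.
```hcl
data "google_kms_crypto_key_version" "attestor_key" {
  crypto_key = google_kms_crypto_key.attestor_key.id
}

# … unchanged: attestor resource header, attestation_authority_note opening, note_reference …
  public_keys {
    # Same "//cloudkms.googleapis.com/v1/..." form the CI --keyversion resolves to, but derived, not pasted.
    id = "//cloudkms.googleapis.com/v1/${google_kms_crypto_key.attestor_key.id}/cryptoKeyVersions/${data.google_kms_crypto_key_version.attestor_key.version}"

    pkix_public_key {
      public_key_pem      = data.google_kms_crypto_key_version.attestor_key.public_key[0].pem
      signature_algorithm = data.google_kms_crypto_key_version.attestor_key.public_key[0].algorithm
    }
  }
```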