diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..7250e5c
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,37 @@
+# This is a basic workflow to help you get started with Actions
+
+name: secrets-action
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "gh-pages" branch
+  push:
+    branches: [ "gh-pages" ]
+  pull_request:
+    branches: [ "gh-pages" ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v4
+
+      # Runs a single command using the runners shell
+      # - name: Run a one-line script (example, remove)
+      #  run: echo Hello, world!
+
+      # Runs a set of commands using the runners shell
+      - name: replace secrets
+        run: |
+          echo "Injecting secrets into JS file"
+          # Replace a placeholder in your JavaScript file with the actual secret
+          sed -i 's/GUEST_ACCESS_TOKEN/${{ secrets.GUEST_ACCESS_TOKEN }}/g' ./index.html