diff --git a/infrastructure/cms/main.bicep b/infrastructure/cms/main.bicep
index c89f370..8d400d5 100644
--- a/infrastructure/cms/main.bicep
+++ b/infrastructure/cms/main.bicep
@@ -3,6 +3,7 @@ import { appendHash } from '../utilities.bicep'
 param databaseClient string
 param logAnalyticsWorkspaceName string
 param keyVaultName string
+param registryName string
 param identityResourceId string
 param cmsImageName string
 param cmsInitImageName string = ''
@@ -15,6 +16,10 @@ resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 
+resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' existing = {
+  name: registryName
+}
+
 module mySql '../modules/sql.bicep' = {
   name: 'deployMysql'
   params: {
@@ -30,9 +35,10 @@ module cmsContainerApp '../modules/containerApp.bicep' = {
     imageName: cmsImageName
     initImageName: cmsInitImageName
     logAnalyicsWorkspaceName: logAnalyticsWorkspaceName
-    keyVaultName: keyVaultName
     targetPort: 1337
     cmsIdentityResourceId: identityResourceId
+    keyVaultUri: keyVault.properties.vaultUri
+    registryLoginServer: registry.properties.loginServer
     environmentVariables: [
       {
         name: 'DATABASE_CLIENT'
diff --git a/infrastructure/modules/containerApp.bicep b/infrastructure/modules/containerApp.bicep
index c8bc5d7..828c206 100644
--- a/infrastructure/modules/containerApp.bicep
+++ b/infrastructure/modules/containerApp.bicep
@@ -5,6 +5,9 @@ param containerAppName string
 param imageName string
 param initImageName string
 param logAnalyicsWorkspaceName string
+param registryLoginServer string
+param keyVaultUri string
+param cmsIdentityResourceId string
 
 param cpu string = '.25'
 param memory string = '0.5Gi'
@@ -14,8 +17,6 @@ param targetPort int = 80
 
 param environmentVariables array
 param secrets array = []
-param keyVaultName string
-param cmsIdentityResourceId string
 
 var location = resourceGroup().location
 
@@ -23,10 +24,6 @@ resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2023-09-01' exis
   name: logAnalyicsWorkspaceName
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
-  name: keyVaultName
-}
-
 resource containerAppEnvironment 'Microsoft.App/managedEnvironments@2024-03-01' = {
   location: location
   name: appendHash(containerAppEnvironmentName)
@@ -70,10 +67,16 @@ resource containerApp 'Microsoft.App/containerApps@2024-03-01' = {
           }
         ]
       }
+      registries: [
+        {
+          identity: cmsIdentityResourceId
+          server: registryLoginServer
+        }
+      ]
       secrets: [
         for secret in secrets: {
           name: secret.secretName
-          keyVaultUrl: secret.fromKeyVault ? '${keyVault.properties.vaultUri}secrets/${secret.secretName}' : null
+          keyVaultUrl: secret.fromKeyVault ? '${keyVaultUri}secrets/${secret.secretName}' : null
           identity: secret.fromKeyVault ? cmsIdentityResourceId : null
           value: !secret.fromKeyVault ? secret.secretValue : null
         }