diff --git a/modules/github-foundations/README.md b/modules/github-foundations/README.md
index b96a1b6..79d9854 100644
--- a/modules/github-foundations/README.md
+++ b/modules/github-foundations/README.md
@@ -28,6 +28,7 @@
 | [github_actions_organization_secret.workload_identity_provider](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret) | resource |
 | [github_actions_organization_variable.container_name](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |
 | [github_actions_organization_variable.custom_oidc_organization_variable](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |
+| [github_actions_organization_variable.key_vault_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |
 | [github_actions_organization_variable.resource_group_name](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |
 | [github_actions_organization_variable.storage_account_name](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |
 | [github_actions_organization_variable.subscription_id](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |
@@ -56,7 +57,7 @@
 | <a name="input_account_type"></a> [account\_type](#input\_account\_type) | The type of GitHub account being used. Should be one of either `Personal`, `Organization`, or `Enterprise`. | `string` | n/a | yes |
 | <a name="input_bootstrap_repository_name"></a> [bootstrap\_repository\_name](#input\_bootstrap\_repository\_name) | The name of the bootstrap repository. | `string` | `"bootstrap"` | no |
 | <a name="input_foundation_devs_team_name"></a> [foundation\_devs\_team\_name](#input\_foundation\_devs\_team\_name) | The name of the foundation developers team. | `string` | `"foundation-devs"` | no |
-| <a name="input_oidc_configuration"></a> [oidc\_configuration](#input\_oidc\_configuration) | n/a | <pre>object({<br>    gcp = optional(object({<br>      workload_identity_provider_name_secret_name = optional(string)<br>      workload_identity_provider_name             = string<br><br>      organization_workload_identity_sa_secret_name = optional(string)<br>      organization_workload_identity_sa             = string<br><br>      gcp_secret_manager_project_id_variable_name = optional(string)<br>      gcp_secret_manager_project_id               = string<br><br>      gcp_tf_state_bucket_project_id_variable_name = optional(string)<br>      gcp_tf_state_bucket_project_id               = string<br><br>      bucket_name_variable_name = optional(string)<br>      bucket_name               = string<br><br>      bucket_location_variable_name = optional(string)<br>      bucket_location               = string<br>    }))<br>    azure = optional(object({<br>      bootstrap_client_id_variable_name = optional(string)<br>      bootstrap_client_id               = string<br><br>      organization_client_id_variable_name = optional(string)<br>      organization_client_id               = string<br><br>      tenant_id_variable_name = optional(string)<br>      tenant_id               = string<br><br>      subscription_id_variable_name = optional(string)<br>      subscription_id               = string<br><br>      resource_group_name_variable_name = optional(string)<br>      resource_group_name               = string<br><br>      storage_account_name_variable_name = optional(string)<br>      storage_account_name               = string<br><br>      container_name_variable_name = optional(string)<br>      container_name               = string<br>    }))<br>    custom = optional(object({<br>      organization_secrets   = map(string)<br>      organization_variables = map(string)<br>      repository_secrets     = map(map(string))<br>      repository_variables   = map(map(string))<br>    }))<br>  })</pre> | n/a | yes |
+| <a name="input_oidc_configuration"></a> [oidc\_configuration](#input\_oidc\_configuration) | n/a | <pre>object({<br>    gcp = optional(object({<br>      workload_identity_provider_name_secret_name = optional(string)<br>      workload_identity_provider_name             = string<br><br>      organization_workload_identity_sa_secret_name = optional(string)<br>      organization_workload_identity_sa             = string<br><br>      gcp_secret_manager_project_id_variable_name = optional(string)<br>      gcp_secret_manager_project_id               = string<br><br>      gcp_tf_state_bucket_project_id_variable_name = optional(string)<br>      gcp_tf_state_bucket_project_id               = string<br><br>      bucket_name_variable_name = optional(string)<br>      bucket_name               = string<br><br>      bucket_location_variable_name = optional(string)<br>      bucket_location               = string<br>    }))<br>    azure = optional(object({<br>      bootstrap_client_id_variable_name = optional(string)<br>      bootstrap_client_id               = string<br><br>      organization_client_id_variable_name = optional(string)<br>      organization_client_id               = string<br><br>      tenant_id_variable_name = optional(string)<br>      tenant_id               = string<br><br>      subscription_id_variable_name = optional(string)<br>      subscription_id               = string<br><br>      resource_group_name_variable_name = optional(string)<br>      resource_group_name               = string<br><br>      storage_account_name_variable_name = optional(string)<br>      storage_account_name               = string<br><br>      container_name_variable_name = optional(string)<br>      container_name               = string<br><br>      key_vault_id_variable_name = optional(string)<br>      key_vault_id               = string<br>    }))<br>    custom = optional(object({<br>      organization_secrets   = map(string)<br>      organization_variables = map(string)<br>      repository_secrets     = map(map(string))<br>      repository_variables   = map(map(string))<br>    }))<br>  })</pre> | n/a | yes |
 | <a name="input_organizations_repository_name"></a> [organizations\_repository\_name](#input\_organizations\_repository\_name) | The name of the organizations repository. | `string` | `"organizations"` | no |
 | <a name="input_readme_path"></a> [readme\_path](#input\_readme\_path) | Local Path to the README file in your current codebase. Pushed to the github foundation repository. | `string` | `""` | no |
 
diff --git a/modules/github-foundations/azure-oidc-variables.tf b/modules/github-foundations/azure-oidc-variables.tf
index 7592b3a..7b5ca47 100644
--- a/modules/github-foundations/azure-oidc-variables.tf
+++ b/modules/github-foundations/azure-oidc-variables.tf
@@ -73,3 +73,15 @@ resource "github_actions_organization_variable" "container_name" {
     github_repository.organizations_repo.repo_id
   ]
 }
+
+resource "github_actions_organization_variable" "key_vault_id" {
+  count = var.oidc_configuration.azure != null ? 1 : 0
+
+  variable_name     = coalesce(var.oidc_configuration.azure.key_vault_id_variable_name, "AZURE_KEY_VAULT_ID")
+  value             = var.oidc_configuration.azure.key_vault_id
+  visibility        = "selected"
+  selected_repository_ids = [
+    github_repository.bootstrap_repo.repo_id,
+    github_repository.organizations_repo.repo_id
+  ]
+}
diff --git a/modules/github-foundations/variables.tf b/modules/github-foundations/variables.tf
index bffd7f8..9ee1866 100644
--- a/modules/github-foundations/variables.tf
+++ b/modules/github-foundations/variables.tf
@@ -64,6 +64,9 @@ variable "oidc_configuration" {
 
       container_name_variable_name = optional(string)
       container_name               = string
+
+      key_vault_id_variable_name = optional(string)
+      key_vault_id               = string
     }))
     custom = optional(object({
       organization_secrets   = map(string)