diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1ab5c12..17ea2f2 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,3 +16,10 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "terraform"
+    # Workflow files stored in the
+    # default location of `.github/workflows`
+    directory: "/example/vault/environments/local"
+    schedule:
+      interval: "monthly"
diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml
index f559050..74f3b73 100644
--- a/.github/workflows/golang.yml
+++ b/.github/workflows/golang.yml
@@ -102,10 +102,10 @@ jobs:
           make release-vars > /tmp/spiffe-vault-release-vars.env
           source /tmp/spiffe-vault-release-vars.env
           if [[ -n "$LDFLAGS" ]]; then
-            echo "::set-output name=LDFLAGS::$LDFLAGS"
+            echo "ldflags=$LDFLAGS" >> $GITHUB_OUTPUT
           fi
           if [[ -n "$GIT_HASH" ]]; then
-            echo "::set-output name=GIT_HASH::$GIT_HASH"
+            echo "git_hash=$GIT_HASH" >> $GITHUB_OUTPUT
           fi
           rm -f /tmp/spiffe-vault-release-vars.env
 
@@ -119,9 +119,9 @@ jobs:
           version: latest
           args: release --rm-dist ${{ (!startsWith(github.ref, 'refs/tags/') && '--snapshot') || '' }}
         env:
+          LDFLAGS: ${{ steps.release-vars.outputs.ldflags }}
+          GIT_HASH: ${{ steps.release-vars.outputs.git_hash }}
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-          LDFLAGS: ${{ steps.release-vars.outputs.LDFLAGS }}
-          GIT_HASH: ${{ steps.release-vars.outputs.GIT_HASH }}
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 
       - name: Get container info
@@ -129,9 +129,9 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         run: |
           export CONTAINER_DIGEST=$(make container-digest GITHUB_REF=${{ github.ref_name }})
-          echo "::set-output name=container_digest::$CONTAINER_DIGEST"
-          echo "::set-output name=container_tags::$(make container-tags CONTAINER_DIGEST="${CONTAINER_DIGEST}" | paste -s -d ',' -)"
-          echo "::set-output name=container_repos::$(make container-repos CONTAINER_DIGEST="${CONTAINER_DIGEST}" | jq --raw-input . | jq --slurp -c)"
+          echo "container_digest=$CONTAINER_DIGEST" >> $GITHUB_OUTPUT
+          echo "container_tags=$(make container-tags CONTAINER_DIGEST="${CONTAINER_DIGEST}" | paste -s -d ',' -)" >> $GITHUB_OUTPUT
+          echo "container_repos=$(make container-repos CONTAINER_DIGEST="${CONTAINER_DIGEST}" | jq --raw-input . | jq --slurp -c)" >> $GITHUB_OUTPUT
 
       - name: Logout from container registries
         if: ${{ always() }}
diff --git a/example/vault/.terraform-version b/example/vault/.terraform-version
index b0f3d96..d0149fe 100644
--- a/example/vault/.terraform-version
+++ b/example/vault/.terraform-version
@@ -1 +1 @@
-1.0.8
+1.3.4
diff --git a/example/vault/environments/local/.terraform.lock.hcl b/example/vault/environments/local/.terraform.lock.hcl
index 800076b..93a5c76 100644
--- a/example/vault/environments/local/.terraform.lock.hcl
+++ b/example/vault/environments/local/.terraform.lock.hcl
@@ -2,20 +2,25 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/hashicorp/vault" {
-  version     = "2.22.1"
-  constraints = ">= 2.21.0, >= 2.22.1"
+  version     = "3.11.0"
+  constraints = ">= 3.0.0, ~> 3.11.0"
   hashes = [
-    "h1:JTW2/i6KvsOaZ2XBP2At5tP0GZyENJ+a5W7EcBhrevQ=",
-    "zh:0354ae21e4b53490c3a532004e817c8becdd0debdcdf4fc954bc70f267f3dfda",
-    "zh:09477c72b8cbb3ffed58f8666f130685e5f3c99f91467c696174cdf118500d49",
-    "zh:0f00c6b960e0cab4301cda379818079d2998cc0cc1a7eafd69395d1e6588e618",
-    "zh:2fac74c205fc1e0c4b1d800fb7fd8091a4bbeaae254b5e98bdeed8757b53a115",
-    "zh:620bf9b6e2ec0094e564f2668e4faddc9b557314d7725114b0cc33069933e8e3",
-    "zh:aec176654fd7f30c012dfbed58b20f08286e8499150b80e280e70b33f3a4da58",
-    "zh:b0ff022d70996170d43e8d1983404df85aea41eda1352453226d1f73f1b68897",
-    "zh:bbaea8145b302717b3e7be1155820fc5ee486b002f1562ef40fd2f21e4303447",
-    "zh:c9add1aeebef54418550338308f27926e1baae22f095ca53289f11a173dbf40b",
-    "zh:cde7538aaf01b83656cf8b1f70ca7259eac41a586f2c2fbcc7bf4a384dcade26",
-    "zh:f07a9a32366d33a7d2ad763c099563ea547f3e208b77ae3fb9e5894fd92a696a",
+    "h1:AUVEra6fAOiAUWa0FOU+ehx4K2htbsfgLDrMh1H6mQs=",
+    "h1:Bv4MvWZ779WIyaEPdrzgTJnXdQ68C6bXE2F5Aw8dp2A=",
+    "h1:LIxirQGQIesE7LvpKoCm8bKE/R2mCozFPrkfjYzyFFQ=",
+    "h1:o2mhD41UFoa5ix1v4mrbbyowz17ANEoEdT2yQQasli4=",
+    "h1:rAnPcQmzz9QZcVf/8hV5SsDbcFoDJuHZphzfCaeBxnI=",
+    "zh:18cb684852f1b40b2a329ba07ece3363430d69bffdcafea48ed29f954481e39e",
+    "zh:1b96968a8de6849a237cc945cbe247ccd6ec98b4023548b1c0af5d6c6affe4ef",
+    "zh:3e0a0741ba12aa0cf1a2b8b80928450bb329343f4b41f35b0eddbeb52aa6284b",
+    "zh:4a8f0ee5ac4e8a0705d9f38b3d549223fe1142486d71f0b6f24f64ae0d7dd5ca",
+    "zh:4cc6705dcd111e6ad47ab4cfd2d8a99b2b241967abd50add6ac8c27025f4128b",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:8e106e840a963b9ae32dc24b50fa1ceecb09753e6db10ab134009d59d170686b",
+    "zh:8f9c4ccf4da8555b11375d2a09a022d7a8f5ecf701f0bb89a4f07ad0b720bb98",
+    "zh:a6fda115017b42f71f4b7917ae4860354920f0653cb8906ce627129dbabb252b",
+    "zh:c01666362b293b6af8cd556b2c5ffe9014ae8640ec3621c1cfa772fa1a6b335d",
+    "zh:e9be58b1211da0219a5bf6bfd81b8bf474256519426df10672e6dfce3086af60",
+    "zh:fd2272083e90b38c28cd18b1b9d3ae14b6a0ebf08985468d010d2bee8df816e0",
   ]
 }
diff --git a/example/vault/environments/local/versions.tf b/example/vault/environments/local/versions.tf
new file mode 100644
index 0000000..4acca08
--- /dev/null
+++ b/example/vault/environments/local/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0.8"
+
+  required_providers {
+    vault = {
+      source = "hashicorp/vault"
+      version = "~> 3.11.0"
+    }
+  }
+}
diff --git a/example/vault/modules/jwt-auth/providers.tf b/example/vault/modules/jwt-auth/versions.tf
similarity index 61%
rename from example/vault/modules/jwt-auth/providers.tf
rename to example/vault/modules/jwt-auth/versions.tf
index de17590..53d9ac8 100644
--- a/example/vault/modules/jwt-auth/providers.tf
+++ b/example/vault/modules/jwt-auth/versions.tf
@@ -1,9 +1,10 @@
 terraform {
-  required_version = ">= 0.14.5"
+  required_version = ">= 1.0.8"
+
   required_providers {
     vault = {
       source  = "hashicorp/vault"
-      version = ">=2.21.0"
+      version = ">= 3.0.0"
     }
   }
 }
diff --git a/example/vault/modules/secrets/providers.tf b/example/vault/modules/secrets/versions.tf
similarity index 61%
rename from example/vault/modules/secrets/providers.tf
rename to example/vault/modules/secrets/versions.tf
index 99dc771..53d9ac8 100644
--- a/example/vault/modules/secrets/providers.tf
+++ b/example/vault/modules/secrets/versions.tf
@@ -1,9 +1,10 @@
 terraform {
-  required_version = ">= 0.14.5"
+  required_version = ">= 1.0.8"
+
   required_providers {
     vault = {
       source  = "hashicorp/vault"
-      version = ">=2.22.1"
+      version = ">= 3.0.0"
     }
   }
 }
diff --git a/example/vault/modules/transit/versions.tf b/example/vault/modules/transit/versions.tf
new file mode 100644
index 0000000..53d9ac8
--- /dev/null
+++ b/example/vault/modules/transit/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.0.8"
+
+  required_providers {
+    vault = {
+      source  = "hashicorp/vault"
+      version = ">= 3.0.0"
+    }
+  }
+}