diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml
index e9e722bc..78fa3acc 100644
--- a/.github/workflows/docker-hub.yml
+++ b/.github/workflows/docker-hub.yml
@@ -158,13 +158,24 @@ jobs:
       github.event_name != 'pull_request'
     steps:
       -
-        name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: "impress,secrets"
+      -
+        name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+          token: ${{ steps.app-token.outputs.token }}
       -
         name: Load sops secrets
         uses: rouja/actions-sops@main
         with:
-          secret-file: .github/workflows/secrets.enc.env
+          secret-file: .github/workflows/secrets/numerique-gouv/impress/secrets.enc.env
           age-key: ${{ secrets.SOPS_PRIVATE }}
       -
         name: Call argocd github webhook