diff --git a/main.tf b/main.tf
index 3aa2c33c..6b5c346e 100644
--- a/main.tf
+++ b/main.tf
@@ -37,6 +37,7 @@ variable "dbaas_pgadmin_password" {}
 variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
+variable "drone_webhook_secret" {}
 variable "dockerhub_registry_password" {}
 variable "oauth2_proxy_client_id" {}
 variable "oauth2_proxy_client_secret" {}
@@ -442,6 +443,7 @@ module "kubernetes_cluster" {
   drone_github_client_id     = var.drone_github_client_id
   drone_github_client_secret = var.drone_github_client_secret
   drone_rpc_secret           = var.drone_rpc_secret
+  drone_webhook_secret       = var.drone_webhook_secret
 
   # Oauth proxy
   oauth2_proxy_client_id            = var.oauth2_proxy_client_id
diff --git a/modules/kubernetes/drone/main.tf b/modules/kubernetes/drone/main.tf
index eb730be6..4d778e3d 100644
--- a/modules/kubernetes/drone/main.tf
+++ b/modules/kubernetes/drone/main.tf
@@ -3,6 +3,7 @@ variable "tier" { type = string }
 variable "github_client_id" {}
 variable "github_client_secret" {}
 variable "rpc_secret" {}
+variable "webhook_secret" {}
 variable "server_host" {}
 variable "server_proto" {}
 variable "rpc_host" {
@@ -98,6 +99,10 @@ resource "kubernetes_deployment" "drone_server" {
             name  = "DRONE_RPC_SECRET"
             value = var.rpc_secret
           }
+          env {
+            name  = "DRONE_WEBHOOK_SECRET"
+            value = var.webhook_secret
+          }
           env {
             name  = "DRONE_SERVER_HOST"
             value = var.server_host
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 6123015c..9bec6813 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -22,6 +22,7 @@ variable "dbaas_pgadmin_password" {}
 variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
+variable "drone_webhook_secret" {}
 variable "oauth2_proxy_client_id" {}
 variable "oauth2_proxy_client_secret" {}
 variable "oauth2_proxy_authenticated_emails" {}
@@ -220,6 +221,7 @@ module "drone" {
   github_client_id     = var.drone_github_client_id
   github_client_secret = var.drone_github_client_secret
   rpc_secret           = var.drone_rpc_secret
+  webhook_secret       = var.drone_webhook_secret
   server_host          = "drone.viktorbarzin.me"
   server_proto         = "https"
   tier                 = local.tiers.edge
diff --git a/terraform.tfvars b/terraform.tfvars
index 3c20b767..7f367da0 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ