diff --git a/services/service/main.tf b/services/service/main.tf
index d6902bb..045e412 100644
--- a/services/service/main.tf
+++ b/services/service/main.tf
@@ -8,6 +8,7 @@ resource "nomad_job" "service" {
 args = var.args
 env = var.env
 task_meta = var.task_meta
+ task_identity = var.task_identity
 group_meta = var.group_meta
 job_meta = var.job_meta
 constraints = var.constraints
diff --git a/services/service/service_template.nomad b/services/service/service_template.nomad
index c17b8b6..b725251 100644
--- a/services/service/service_template.nomad
+++ b/services/service/service_template.nomad
@@ -225,6 +225,12 @@ EOF
 %{~ endif ~}
 }
 %{~ endif ~}
+ %{~ if task_identity != null }
+ identity {
+ env = ${task_identity.env}
+ file = ${task_identity.file}
+ }
+ %{~ endif ~}
 }
 %{~ if mysql_bootstrap != null }
 task "mysql-bootstrap" {
diff --git a/services/service/vars.tf b/services/service/vars.tf
index ad135a0..f950564 100644
--- a/services/service/vars.tf
+++ b/services/service/vars.tf
@@ -21,7 +21,6 @@ variable "priority" {
 description = "Scheduler priority of the service"
 }
 
-
 variable "image" {
 type = string
 description = "Image that should be run"
@@ -39,6 +38,15 @@ variable "task_meta" {
 description = "Meta attributes to attach to the task"
 }
 
+variable "task_identity" {
+ description = "Task workload identity"
+ type = object({
+ env = optional(bool, false)
+ file = optional(bool, false)
+ })
+ default = null
+}
+
 variable "group_meta" {
 type = map(string)
 default = {}
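Review bot: The rendered `env = ${task_identity.env}` lets a caller export the task's workload identity token as `NOMAD_TOKEN`, and nothing in the template marks that value as a credential. An environment variable is inherited by every child process and tends to show up in debug dumps and container inspection, whereas `file = true` keeps the token in the task's `secrets/nomad_token`. I would add a comment above the block, `# identity.env exports the workload identity token as NOMAD_TOKEN; prefer file (secrets/nomad_token) unless the app needs the env var`. The enclosing task block starts outside the hunk.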
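Review bot: The description `"Task workload identity"` on `variable "task_identity"` does not say what the two flags do, or that setting either one hands a Nomad credential to the workload. I would expand it to `description = "Expose the task's Nomad workload identity token: env sets NOMAD_TOKEN, file writes secrets/nomad_token. null omits the identity block."`. Callers of the module would then see that enabling a flag gives the task whatever access ACL policy grants to its workload identity, which is worth checking per service before turning it on.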