diff --git a/.github/workflows/nix-update-hash.yaml b/.github/workflows/nix-update-hash.yaml
index 38b34d3..b097eb8 100644
--- a/.github/workflows/nix-update-hash.yaml
+++ b/.github/workflows/nix-update-hash.yaml
@@ -1,4 +1,5 @@
 name: "nix-update-hash"
+
 on:
   push:
     paths:
@@ -6,43 +7,10 @@ on:
       - 'go.sum'
   workflow_dispatch:
 
+permissions:
+  contents: write
+
 jobs:
   update-hash:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v6
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
-        with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install Go
-        uses: actions/setup-go@v6
-        with:
-          go-version-file: 'go.mod'
-
-      - name: Install Task
-        uses: arduino/setup-task@v2
-
-      - name: Update nix vendor hash
-        run: task nix-update-hash
-
-      - name: Check for changes
-        id: git-check
-        run: |
-          git diff --exit-code flake.nix || echo "changed=true" >> $GITHUB_OUTPUT
-
-      - name: Commit and push changes
-        if: steps.git-check.outputs.changed == 'true'
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-          git add flake.nix
-          git commit -m "chore(nix): update vendorHash for go deps"
-          git push
+    uses: datum-cloud/actions/.github/workflows/nix-update-hash.yaml@main
+    secrets: inherit