diff --git a/.release/ci.hcl b/.release/ci.hcl
new file mode 100644
index 0000000..8f83a40
--- /dev/null
+++ b/.release/ci.hcl
@@ -0,0 +1,46 @@
+# Reference: https://github.com/hashicorp/crt-core-helloworld/blob/main/.release/ci.hcl (private repository)
+
+schema = "2"
+
+project "terraform-provider-cloudinit" {
+  // team is currently unused and has no meaning
+  // but is required to be non-empty by CRT orchestator
+  team = "_UNUSED_"
+
+  slack {
+    notification_channel = "C02M018DV27" // #feed-tf-devex
+  }
+
+  github {
+    organization     = "hashicorp"
+    repository       = "terraform-provider-cloudinit"
+    release_branches = ["main"]
+  }
+}
+
+event "build" {
+  action "build" {
+    organization = "hashicorp"
+    repository   = "terraform-provider-cloudinit"
+    workflow     = "build"
+  }
+}
+
+event "prepare" {
+  # `prepare` is the Common Release Tooling (CRT) artifact processing workflow.
+  # It prepares artifacts for potential promotion to staging and production.
+  # For example, it scans and signs artifacts.
+
+  depends = ["build"]
+
+  action "prepare" {
+    organization = "hashicorp"
+    repository   = "crt-workflows-common"
+    workflow     = "prepare"
+    depends      = ["build"]
+  }
+
+  notification {
+    on = "fail"
+  }
+}
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 506c2bc..708112d 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -1,7 +1,11 @@
+# Reference: https://github.com/hashicorp/security-scanner/blob/main/CONFIG.md#binary (private repository)
+
 binary {
-	secrets      = true
-	go_modules   = true
-	osv          = true
-	oss_index    = false
-	nvd          = false
+  secrets {
+    all = true
+  }
+  go_modules   = true
+  osv          = true
+  oss_index    = false
+  nvd          = false
 }