diff --git a/cloud/infra/auth.ts b/cloud/infra/auth.ts
index e69de29b..edb1120a 100644
--- a/cloud/infra/auth.ts
+++ b/cloud/infra/auth.ts
@@ -0,0 +1,17 @@
+import { domain } from "./stage";
+import { secret } from "./secrets";
+import { database } from "./database";
+
+const authStorage = new sst.cloudflare.Kv("AuthStorage");
+
+export const auth = new sst.cloudflare.Worker("Auth", {
+  handler: "cloud/packages/functions/src/auth/index.ts",
+  domain: `auth.${domain}`,
+  url: true,
+  link: [
+    database,
+    authStorage,
+    secret.DISCORD_CLIENT_ID,
+    secret.DISCORD_CLIENT_SECRET,
+  ],
+});
diff --git a/cloud/infra/secrets.ts b/cloud/infra/secrets.ts
new file mode 100644
index 00000000..1a931592
--- /dev/null
+++ b/cloud/infra/secrets.ts
@@ -0,0 +1,4 @@
+export const secret = {
+  DISCORD_CLIENT_ID: new sst.Secret("DISCORD_CLIENT_ID"),
+  DISCORD_CLIENT_SECRET: new sst.Secret("DISCORD_CLIENT_SECRET"),
+};
diff --git a/cloud/packages/functions/src/auth/index.ts b/cloud/packages/functions/src/auth/index.ts
index 45d37314..c1e08d3f 100644
--- a/cloud/packages/functions/src/auth/index.ts
+++ b/cloud/packages/functions/src/auth/index.ts
@@ -40,8 +40,8 @@ export default {
       }),
       providers: {
         discord: DiscordAdapter({
-          clientID: Resource.DiscordClientID.value,
-          clientSecret: Resource.DiscordClientSecret.value,
+          clientID: Resource.DISCORD_CLIENT_ID.value,
+          clientSecret: Resource.DISCORD_CLIENT_SECRET.value,
           scopes: ["email", "identify"],
         }),
       },