diff --git a/.gitea/workflows/deploy-k8s-bootstrap.yaml b/.gitea/workflows/deploy-k8s-bootstrap.yaml
index 6d9d6de..eaf554d 100644
--- a/.gitea/workflows/deploy-k8s-bootstrap.yaml
+++ b/.gitea/workflows/deploy-k8s-bootstrap.yaml
@@ -85,31 +85,3 @@ jobs:
           cloud-url: ${{ secrets.PULUMI_BACKEND_URL }}
         env:
           PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
-
-      # Propagate kubeconfig to the downstream stacks so their next deploy picks it up
-      - name: Propagate kubeconfig to k8s-infra
-        run: |
-          echo "${{ secrets.K8S_INFRA_DEV_YAML }}" | base64 -d > k8s-infra/Pulumi.dev.yaml
-          cd k8s-infra && npm install
-          KUBECONFIG=$(cd ../k8s-bootstrap && pulumi stack output kubeconfig --show-secrets \
-            --cloud-url "${{ secrets.PULUMI_BACKEND_URL }}" -s dev)
-          pulumi config set --secret kubeconfig "$KUBECONFIG" \
-            --cloud-url "${{ secrets.PULUMI_BACKEND_URL }}" -s dev
-          # Re-encode updated config for the secret (update manually in Gitea after first run)
-          base64 -w 0 Pulumi.dev.yaml
-        working-directory: .
-        env:
-          PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
-
-      - name: Propagate kubeconfig to k8s-apps
-        run: |
-          echo "${{ secrets.K8S_APPS_DEV_YAML }}" | base64 -d > k8s-apps/Pulumi.dev.yaml
-          cd k8s-apps && npm install
-          KUBECONFIG=$(cd ../k8s-bootstrap && pulumi stack output kubeconfig --show-secrets \
-            --cloud-url "${{ secrets.PULUMI_BACKEND_URL }}" -s dev)
-          pulumi config set --secret kubeconfig "$KUBECONFIG" \
-            --cloud-url "${{ secrets.PULUMI_BACKEND_URL }}" -s dev
-          base64 -w 0 Pulumi.dev.yaml
-        working-directory: .
-        env:
-          PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}