diff --git a/manifests/vault/oidc-job.yaml b/manifests/vault/oidc-job.yaml
index 3f2bd41..605adad 100644
--- a/manifests/vault/oidc-job.yaml
+++ b/manifests/vault/oidc-job.yaml
@@ -47,13 +47,14 @@ spec:
 echo 'path "*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }' > /tmp/vault-admin.hcl &&
 vault policy write vault-admin /tmp/vault-admin.hcl &&
+ echo '{"groups": "vault-admins"}' > /tmp/bound-claims.json &&
 echo "🎯 Creating OIDC role named 'vault-admins'..." &&
 vault write auth/oidc/role/vault-admins \
 bound_audiences="vault" \
 allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
 user_claim="sub" \
 groups_claim="groups" \
- bound_claims=groups:vault-admins \
+ bound_claims=@/tmp/bound-claims.json \
 oidc_scopes="profile email groups" \
 policies="vault-admin" \
 ttl="1h" &&
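Review bot: The new `bound_claims=@/tmp/bound-claims.json` argument should be verified against a live `vault write`, since as far as I recall the CLI's `key=@file` form substitutes the file contents as a plain string value while `bound_claims` is a map-typed field, and this role attaches the `vault-admin` policy that the first context line defines as `path "*"` with `sudo`. If the `@file` form is accepted, the same JSON could be passed inline and the `echo ... > /tmp/bound-claims.json` step dropped, e.g. `bound_claims='{"groups": "vault-admins"}' \`; if it is not, the documented way to supply a map is to pass the whole payload as JSON on stdin with `-`. Because the role is root-equivalent, it would also be worth having the Job assert that `vault read auth/oidc/role/vault-admins` reports the expected `bound_claims` before it finishes, so a misparsed binding cannot go unnoticed. The `vault write` call sits inside a block scalar whose start and end are outside this hunk.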