diff --git a/Makefile b/Makefile
index 3e3026f9160a35db621364f45430023d3bb193ee..17336eef50bc8df62b1a2ff3d3cd2bbae8f130b7 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 MAKEFILE_DIR := $(dir $(firstword $(MAKEFILE_LIST)))
 GCP_ROOT_DIR := $(realpath ${MAKEFILE_DIR}../..)
 # include env vars
-include ${GCP_ROOT_DIR}/env.mk
+include gcp-env.mk
 include ${MAKEFILE_DIR}/env.mk
 export
 
diff --git a/gcp-env.mk b/gcp-env.mk
index 07956fccbe88b73e676677c37a683618bb980078..285ce00b1dbbf2a1438b8a31ee83a0cb41c3d707 100644
--- a/gcp-env.mk
+++ b/gcp-env.mk
@@ -1,9 +1,5 @@
-# GENERATED GCP SHARED ENVIRONMENT VARIABLES. DO NOT EDIT.
-# The source file is env.sh in the uit-authnz repository.
-# If it is changed, re-run 'make sync-env' in uit-authnz repository.
-#
 # Terraform version
-TF_VERSION = "= 0.12.19"
+TF_VERSION = 1.2.7
 
 # GCLOUD Configuration
 GOOGLE_CLOUD_PROJECT=uit-authnz
@@ -17,6 +13,11 @@ GCP_DNS_DOMAIN=iam.stanford.edu
 ACME_DNS_PROVIDER=${GCP_PROJECT_NAME}-d
 GCP_NETWORK=services
 
+# Default SSL policy
+MIN_TLS_VERSION=TLS_1_2
+SSL_POLICY_PROFILE=MODERN
+SSL_POLICY_NAME=${MIN_TLS_VERSION}-${SSL_POLICY_PROFILE}
+
 # Default Docker registry
 DOCKER_NAMESPACE=${GCP_PROJECT_ID}
 DOCKER_REGISTRY=gcr.io
@@ -49,9 +50,6 @@ DOCKER_REGISTRY_PASSWORD_PATH_GCR_USER=${SEC_PATH}/common/gcr-user
 DOCKER_REGISTRY_PASSWORD_PATH_GCR_PULL=${SEC_PATH}/common/gcr-pull
 SPLUNK_ADDON_SA=${SEC_PATH}/common/splunk-addon-sa
 
-# Drone server for CI/CD
-DRONE_SERVER=https://drone.svc.stanford.edu
-
 # GitLab ci configuration
 GITLAB_SERVER=https://code.stanford.edu
 GITLAB_SEC_FILE=../.gitlab-ci.sec
@@ -121,3 +119,5 @@ WALLET_BACKUP_BUCKET=${GCP_ENVIRONMENT}-${GCP_PROJECT_NAME}-wallet-backup
 WALLET_BACKUP_BUCKET_LOCATION=US
 FORCE_DESTROY_WALLET_BACKUP_BUCKET=true
 WALLET_NUMBER_NEWER_VERSIONS_BACKUP_BUCKET=30
+
+ GITLAB_REPO=authnz/uit-authnz