diff --git a/.gitea/workflows/sonarqube.yaml b/.gitea/workflows/sonarqube.yaml
index ff5cf6a..6f329e9 100644
--- a/.gitea/workflows/sonarqube.yaml
+++ b/.gitea/workflows/sonarqube.yaml
@@ -132,14 +132,22 @@ jobs:
 env:
 AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_KEY }}
- TF_BACKEND_ENDPOINT: ${{ secrets.MINIO_ENDPOINT }}
 TF_VAR_role_id: ${{ secrets.VAULT_ROLE_ID }}
 TF_VAR_secret_id: ${{ secrets.VAULT_SECRET_ID }}
 TF_VAR_renovate_endpoint: ${{ secrets.RENOVATE_ENDPOINT }}
 TF_VAR_renovate_token: ${{ secrets.RENOVATE_TOKEN }}
 VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
 run: |
- terraform init -input=false
+ terraform init -input=false \
+ -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+ -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+ -backend-config="key=docker/renovate/terraform.tfstate" \
+ -backend-config="region=main" \
+ -backend-config="skip_credentials_validation=true" \
+ -backend-config="skip_metadata_api_check=true" \
+ -backend-config="skip_requesting_account_id=true" \
+ -backend-config="skip_region_validation=true" \
+ -backend-config="use_path_style=true"
 - name: Terraform Plan
 env:
@@ -208,7 +216,17 @@ jobs:
 TF_VAR_renovate_endpoint: ${{ secrets.RENOVATE_ENDPOINT }}
 TF_VAR_renovate_token: ${{ secrets.RENOVATE_TOKEN }}
 VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
- run: terraform init
+ run: |
+ terraform init \
+ -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+ -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+ -backend-config="key=docker/renovate/terraform.tfstate" \
+ -backend-config="region=main" \
+ -backend-config="skip_credentials_validation=true" \
+ -backend-config="skip_metadata_api_check=true" \
+ -backend-config="skip_requesting_account_id=true" \
+ -backend-config="skip_region_validation=true" \
+ -backend-config="use_path_style=true"
 - name: Download Terraform Plan from MinIO
 env:
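Review bot: The `terraform init` in the first hunk splices `${{ secrets.MINIO_ENDPOINT }}` and `${{ secrets.MINIO_BUCKET }}` straight into the `run:` script, so the workflow engine expands them before the shell parses the line, and a value containing a quote, `$` or backtick changes the command instead of being passed as data. Keeping them in `env:` (for example `MINIO_ENDPOINT: ${{ secrets.MINIO_ENDPOINT }}`) and writing `-backend-config="endpoints={s3=\"${MINIO_ENDPOINT}\"}"`, likewise for the bucket, leaves the quoting to the shell. Terraform also records `-backend-config` values in the `.terraform` directory and in saved plan files, so if the endpoint and bucket are meant to stay secret, the plan object this workflow appears to keep in MinIO would carry them. The same applies to the `terraform init` in the two later hunks; the step's `env:` block starts above this hunk.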
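Review bot: The rewritten `terraform init` in the second hunk drops into a multi-line command without `-input=false`, which the first init in this file keeps; the init in the destroy-job hunk has the same gap. If a required backend setting ends up unset, init can fall back to prompting, and on a runner that shows up as a job hanging until timeout rather than a clear failure. Suggest `terraform init -input=false \` as the first line in both places so all three inits behave the same.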
@@ -276,7 +294,16 @@ jobs:
 VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
 run: |
 echo "Performing fresh terraform init (no cache for safety)..."
- terraform init
+ terraform init \
+ -backend-config="endpoints={s3=\"${{ secrets.MINIO_ENDPOINT }}\"}" \
+ -backend-config="bucket=${{ secrets.MINIO_BUCKET }}" \
+ -backend-config="key=docker/renovate/terraform.tfstate" \
+ -backend-config="region=main" \
+ -backend-config="skip_credentials_validation=true" \
+ -backend-config="skip_metadata_api_check=true" \
+ -backend-config="skip_requesting_account_id=true" \
+ -backend-config="skip_region_validation=true" \
+ -backend-config="use_path_style=true"
 - name: Terraform Destroy Plan
 env:
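Review bot: The state key `docker/renovate/terraform.tfstate` is hard-coded in a workflow file named `sonarqube.yaml`, and this copy sits directly ahead of the "Terraform Destroy Plan" step; if the key was carried over from another project's workflow, the destroy plan would be computed against that project's state. The `TF_VAR_renovate_*` variables suggest the key may be intentional, so this is a request to confirm rather than a definite defect. Separately, the same nine `-backend-config` flags now appear three times in the file, and a later edit to one copy would silently point plan, apply and destroy at different state. A single partial backend file passed as `-backend-config=<backend-file.hcl>` (placeholder name), with only the endpoint and bucket supplied per run, would remove that drift risk.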