diff --git a/.github/workflows/temp-push-secrets.yml b/.github/workflows/temp-push-secrets.yml
new file mode 100644
index 00000000..3f7456ad
--- /dev/null
+++ b/.github/workflows/temp-push-secrets.yml
@@ -0,0 +1,41 @@
+name: "TEMP: Push secrets to orchestrator repo"
+
+# One-shot workflow — run manually, then delete this file and branch.
+on:
+  workflow_dispatch:
+
+jobs:
+  push-secrets:
+    name: Push secrets to game-ci/orchestrator
+    runs-on: ubuntu-latest
+    steps:
+      - name: Push UNITY_EMAIL
+        run: gh secret set UNITY_EMAIL --repo game-ci/orchestrator --body "$SECRET_VALUE"
+        env:
+          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          SECRET_VALUE: ${{ secrets.UNITY_EMAIL }}
+
+      - name: Push UNITY_PASSWORD
+        run: gh secret set UNITY_PASSWORD --repo game-ci/orchestrator --body "$SECRET_VALUE"
+        env:
+          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          SECRET_VALUE: ${{ secrets.UNITY_PASSWORD }}
+
+      - name: Push UNITY_SERIAL
+        run: gh secret set UNITY_SERIAL --repo game-ci/orchestrator --body "$SECRET_VALUE"
+        env:
+          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          SECRET_VALUE: ${{ secrets.UNITY_SERIAL }}
+
+      - name: Push GIT_PRIVATE_TOKEN
+        run: gh secret set GIT_PRIVATE_TOKEN --repo game-ci/orchestrator --body "$SECRET_VALUE"
+        env:
+          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}
+          SECRET_VALUE: ${{ secrets.GIT_PRIVATE_TOKEN }}
+
+      - name: Confirm
+        run: |
+          echo "Secrets pushed to game-ci/orchestrator:"
+          gh secret list --repo game-ci/orchestrator
+        env:
+          GH_TOKEN: ${{ secrets.GIT_PRIVATE_TOKEN }}