diff --git a/23_workload_identity/readme.md b/23_workload_identity/readme.md
index c1e744d..33e9d2b 100644
--- a/23_workload_identity/readme.md
+++ b/23_workload_identity/readme.md
@@ -49,6 +49,7 @@ export USER_ASSIGNED_CLIENT_ID="$(az identity show --resource-group ${RESOURCE_G
 # create keyvault and secret
 az keyvault create --resource-group ${RESOURCE_GROUP} --location ${LOCATION} --name ${KEYVAULT_NAME}
 az keyvault secret set --vault-name ${KEYVAULT_NAME} --name ${KEYVAULT_SECRET_NAME} --value 'Hello!'
+export KEYVAULT_URL="$(az keyvault show -g "${RESOURCE_GROUP}" -n ${KEYVAULT_NAME} --query properties.vaultUri -o tsv)"
 ```
 ```bash
@@ -92,14 +93,16 @@ kind: Pod
 metadata:
 name: quick-start
 namespace: ${SERVICE_ACCOUNT_NAMESPACE}
+ labels:
+ azure.workload.identity/use: "true"
 spec:
 serviceAccountName: ${SERVICE_ACCOUNT_NAME}
 containers:
 - image: ghcr.io/azure/azure-workload-identity/msal-go
 name: oidc
 env:
- name: KEYVAULT_NAME
- value: ${KEYVAULT_NAME}
+ - name: KEYVAULT_URL
+ value: ${KEYVAULT_URL}
 - name: SECRET_NAME
 value: ${KEYVAULT_SECRET_NAME}
 nodeSelector:
@@ -118,4 +121,4 @@ kubectl logs quick-start
 kubectl delete pod quick-start
 kubectl delete sa "${SERVICE_ACCOUNT_NAME}" --namespace "${SERVICE_ACCOUNT_NAMESPACE}"
 az group delete --name "${RESOURCE_GROUP}"
-```
\ No newline at end of file
+```