diff --git a/.github/workflows/code_health_fork.yaml b/.github/workflows/code_health_fork.yaml
index 3704ddbc..c833a2e1 100644
--- a/.github/workflows/code_health_fork.yaml
+++ b/.github/workflows/code_health_fork.yaml
@@ -34,17 +34,3 @@ jobs:
         with:
           name: test-results
           path: coverage/lcov.info
-
-  merge-dependabot-pr:
-    name: Merge Dependabot PR
-    if: github.event.pull_request.user.login == 'dependabot[bot]'
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-      contents: write
-    steps:
-      - name: Enable auto-merge for Dependabot PRs
-        run: gh pr merge --auto --squash "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/dependabot_pr.yaml b/.github/workflows/dependabot_pr.yaml
new file mode 100644
index 00000000..28f68272
--- /dev/null
+++ b/.github/workflows/dependabot_pr.yaml
@@ -0,0 +1,26 @@
+---
+name: Dependabot PR
+on:
+  pull_request:
+    types: [opened]
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  merge-dependabot-pr:
+    name: Merge Dependabot PR
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: mongodb-js/devtools-shared/actions/setup-bot-token@main
+        id: app-token
+        with:
+          app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
+          private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}