Add your PrivX domain as the base URL in get_secret.py and upload_authorized_key.py
In .gitlab-ci.yml change the audience claim to your own PrivX domain
Create a local user that matches the JWT sub
Assign a role and secret that matches the one requested in the gitlab pipeline
Add your target hosts in bastion syntax to inventory/static_hosts.yaml
Make sure the target host and account is accessible by the gitlab users role