diff --git a/ratify-on-azure.sh b/ratify-on-azure.sh
new file mode 100644
index 0000000000..ce985237ad
--- /dev/null
+++ b/ratify-on-azure.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+echo "Starting Ratify on Azure\n"
+echo "RESOURCE_GROUP: $RESOURCE_GROUP\n"
+echo "CLUSTER_NAME: $CLUSTER_NAME\n"
+echo "ENABLE_MUTATION: $ENABLE_MUTATION\n"
+echo "ENABLE_CERT_ROTATION: $ENABLE_CERT_ROTATION\n"
+# SUB_ID=$(az account show --query id --output tsv)
+# echo "SUB_ID: $SUB_ID\n"
+# az account set --subscription $SUB_ID
+# az account show --query "id"
+# az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME -o json
+# echo "enable managed identity ... \n"
+# az aks update --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --enable-managed-identity
+# echo "running az deployment-scripts list\n"
+# az deployment-scripts list --query "[].{Name:name, Identity:identity}"
+# # Get AKS credentials
+# echo "show identity info\n"
+# for i in {1..10}; do
+# IDENTITY=$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "identity" -o json)
+# echo "IDENTITY: $IDENTITY ........"
+# if [ "$IDENTITY" != "" ]; then
+# echo "Identity retrieved: $IDENTITY"
+# break
+# fi
+# echo "Identity not yet available, retrying in 10 seconds..."
+# sleep 10
+# done
+# az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "identity" -o json
+# echo "show identityProfile info\n"
+# az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "identityProfile" -o json
+# echo "show account info\n"
+# az account show --query "{name:name, user:user}" -o json
+# principalId=$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "identity.principalId" -o tsv)
+# echo "principalId: $principalId"
+# echo "role assignment ...\n"
+# az role assignment list --assignee $principalId --output table
+# az role assignment create --assignee $principalId --role "Azure Kubernetes Service Cluster User" --scope /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.ContainerService/managedClusters/$CLUSTER_NAME
+
+# clientId=$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "identity.clientID" -o tsv)
+# echo "clientId: $clientId\n"
+# az deployment-scripts list --query "[].{Name:name, Identity:identity}"
+# az login --identity
+
+az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --overwrite-existing
+
+
+# install helm
+curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+# Install Ratify using Helm
+helm repo add ratify https://deislabs.github.io/ratify
+helm repo update --namespace gatekeeper-system --create-namespace --set authProvider.azureWorkloadIdentity.clientID=$RATIFY_CLIENT_ID --set provider.enableMutation=$ENABLE_MUTATION --set featureFlags.RATIFY_CERT_ROTATION=$ENABLE_CERT_ROTATION
+
\ No newline at end of file
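Review bot: The Ratify install never happens: the final `helm repo update` line carries `helm install` flags (`--create-namespace`, the three `--set` values), which `helm repo update` rejects as unknown flags, so the script stops after adding the repo and nothing is deployed; it should be a plain `helm repo update` followed by `helm install ratify ratify/ratify --namespace gatekeeper-system --create-namespace …` with the same `--set` values. The `curl … | bash` line fetches the Helm installer from the unpinned `main` branch without `-f`, so an upstream change or an HTTP error body is executed as-is; fetch it with `curl -fsSL` from a tagged ref (or download it to a file and inspect it before running). The script also has no `set -euo pipefail` and every `$RESOURCE_GROUP`, `$CLUSTER_NAME` and `$RATIFY_CLIENT_ID` expansion is unquoted, so an unset variable silently yields a malformed `az`/`helm` command rather than a failure; add strict mode and `: "${VAR:?}"` guards at the top. The roughly 35 lines of commented-out `az` experiments should be dropped rather than committed, and the `echo "...\n"` lines print a literal `\n` under bash's builtin `echo`, so either use `printf '%s\n'` or drop the escape.
```shell
#!/bin/bash
set -euo pipefail

# Fail early if any required input is missing
: "${RESOURCE_GROUP:?RESOURCE_GROUP must be set}"
: "${CLUSTER_NAME:?CLUSTER_NAME must be set}"
: "${RATIFY_CLIENT_ID:?RATIFY_CLIENT_ID must be set}"
: "${ENABLE_MUTATION:?ENABLE_MUTATION must be set}"
: "${ENABLE_CERT_ROTATION:?ENABLE_CERT_ROTATION must be set}"

# … unchanged: startup printf/echo lines …

az aks get-credentials --resource-group "$RESOURCE_GROUP" --name "$CLUSTER_NAME" --overwrite-existing

# install helm: fail on HTTP errors and fetch the installer from a tagged release, not `main`
curl -fsSL "https://raw.githubusercontent.com/helm/helm/<HELM_TAG>/scripts/get-helm-3" | bash

# Install Ratify using Helm
helm repo add ratify https://deislabs.github.io/ratify
helm repo update
helm install ratify ratify/ratify --namespace gatekeeper-system --create-namespace \
  --set "authProvider.azureWorkloadIdentity.clientID=$RATIFY_CLIENT_ID" \
  --set "provider.enableMutation=$ENABLE_MUTATION" \
  --set "featureFlags.RATIFY_CERT_ROTATION=$ENABLE_CERT_ROTATION"
```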