diff --git a/.github/scripts/plugin-helper-gh-pr-create.sh b/.github/scripts/plugin-helper-gh-pr-create.sh
deleted file mode 100755
index 5c78a60b379f..000000000000
--- a/.github/scripts/plugin-helper-gh-pr-create.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-# this script expects the following env vars to be set
-# error if these are not set
-[ ${GITHUB_TOKEN:?} ]
-[ ${PLUGIN_REPO:?} ]
-[ ${VAULT_BRANCH:?} ]
-[ ${PLUGIN_BRANCH:?} ]
-[ ${RUN_ID:?} ]
-
-# we are using the GH API directly so that we can get the resulting
-# PR URL from the JSON response
-
-resp=$(curl -SL \
-  -X POST \
-  -H "Accept: application/vnd.github+json" \
-  -H "Authorization: Bearer ${GITHUB_TOKEN}"\
-  -H "X-GitHub-Api-Version: 2022-11-28" \
-  https://api.github.com/repos/hashicorp/vault/pulls \
-  --data @<(cat <<EOF
-{
-  "title":"[DO NOT MERGE]: $PLUGIN_REPO Automated plugin update check",
-  "body":"Updates $PLUGIN_REPO to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/$RUN_ID",
-  "head":"$VAULT_BRANCH",
-  "base":"main"
-}
-EOF
-)
-)
-
-echo "captured response:"
-echo "$resp" | jq .
-
-# get Vault PR number
-vault_pr_num=$(echo "$resp" | jq -r '.number')
-vault_pr_url=$(echo "$resp" | jq -r '.html_url')
-echo "Vault PR number: $vault_pr_url"
-
-# add labels to Vault PR - this requires a wider permission set than we currently have available as a repo token
-#reviewers="austingebauer,fairclothjm,vinay-gopalan,maxcoulombe,robmonte,Zlaticanin,kpcraig,raymonstah"
-#gh pr edit "$vault_pr_num" --add-label "dependencies,pr/no-changelong,pr/no-milestone" --repo hashicorp/vault
-#gh pr edit "$vault_pr_num" --add-reviewer "$reviewers"
-
-# get Plugin PR number
-plugin_pr_num=$(gh pr list --head "$PLUGIN_BRANCH" --json number --repo "$PLUGIN_REPO" -q '.[0].number')
-
-# make a comment on the plugin repo's PR
-gh pr comment "$plugin_pr_num" --body "Vault CI check PR: $vault_pr_url" --repo "$PLUGIN_REPO"
diff --git a/.github/workflows/plugin-update-check.yml b/.github/workflows/plugin-update-check.yml
index 96588a9e377b..5259f929f64c 100644
--- a/.github/workflows/plugin-update-check.yml
+++ b/.github/workflows/plugin-update-check.yml
@@ -50,6 +50,7 @@ jobs:
           git push -f origin ${{ github.ref_name }}:"$VAULT_BRANCH"
 
       - name: Open pull request if needed
+        id: pr
         if: steps.changes.outputs.count > 0
         env:
           GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
@@ -58,9 +59,52 @@ jobs:
           PR=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')
 
           if [ -z "$PR" ]; then
-            # call the script to create the plugin update PR on Vault
-            ./.github/scripts/plugin-helper-gh-pr-create.sh
+            gh pr create \
+            --head "$VAULT_BRANCH" \
+            --title "[DO NOT MERGE]: $PLUGIN_REPO Automated plugin update check" \
+            --body "Updates $PLUGIN_REPO to verify vault CI. Full log: https://github.com/hashicorp/vault/actions/runs/$RUN_ID"
 
+            echo "vault_pr_num=$(gh pr list --head "$VAULT_BRANCH" --json number -q '.[0].number')" >> "$GITHUB_OUTPUT"
+            echo "vault_pr_url=$(gh pr list --head "$VAULT_BRANCH" --json html_url -q '.[0].html_url')" >> "$GITHUB_OUTPUT"
           else
             echo "Pull request already exists, won't create a new one."
           fi
+
+      - name: Add labels to Vault CI check PR
+        if: steps.changes.outputs.count > 0
+        env:
+          # this is a different token to the one we have been using that should
+          # allow us to add labels
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        run: |
+          if [ -z "$vault_pr_num" ]; then
+            echo "error: no vault PR found"
+            exit 1
+          fi
+
+          gh pr edit "${{ steps.pr.outputs.vault_pr_num }}" \
+            --add-label "dependencies,pr/no-changelong,pr/no-milestone" \
+            --repo hashicorp/vault
+
+      - name: Comment on plugin PR
+        if: steps.changes.outputs.count > 0
+        env:
+          GITHUB_TOKEN: ${{secrets.ELEVATED_GITHUB_TOKEN}}
+        run: |
+          # get Plugin PR number
+          plugin_pr_num=$(gh pr list --head "$PLUGIN_BRANCH" --json number --repo "$PLUGIN_REPO" -q '.[0].number')
+
+          if [ -z "$plugin_pr_num" ]; then
+            echo "error: no plugin PR found"
+            exit 1
+          fi
+
+          if [ -z "${{ steps.pr.outputs.vault_pr_url }}" ]; then
+            echo "error: no vault PR found"
+            exit 1
+          fi
+
+          # make a comment on the plugin repo's PR
+          gh pr comment "$plugin_pr_num" \
+            --body "Vault CI check PR: ${{ steps.pr.outputs.vault_pr_url }}" \
+            --repo "$PLUGIN_REPO"