diff --git a/CHANGELOG.md b/CHANGELOG.md
index d22213d..a36ec17 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
 Notable changes to this project are documented in this changelog.
 This project adheres to the [semantic versioning] specification.
+## [1.5.2] – 2023-06-29
+
+- Discard the order of thumbprints ([5fae63a](https://github.com/unfunco/terraform-aws-oidc-github/commit/5fae63a23c87a59839453df6b04956babd32734e))
+
 ## [1.5.1] – 2023-06-28
 - Prevent duplication of thumbprints ([35f725d](https://github.com/unfunco/terraform-aws-oidc-github/commit/35f725d4448b6838afd5b9e95ca793f7d4988665))
@@ -122,4 +126,5 @@ This project adheres to the [semantic versioning] specification.
 [1.4.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.3.1...v1.4.0
 [1.5.0]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.4.0...v1.5.0
 [1.5.1]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.5.0...v1.5.1
+[1.5.2]: https://github.com/unfunco/terraform-aws-oidc-github/compare/v1.5.1...v1.5.2
 [semantic versioning]: https://semver.org
diff --git a/README.md b/README.md
index 9a422d6..3946298 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,7 @@ provider "aws" {
 module "oidc_github" {
 source = "unfunco/oidc-github/aws"
- version = "1.5.1"
+ version = "1.5.2"
 github_repositories = [
 "org/repo",
diff --git a/main.tf b/main.tf
index e6974e2..15b0f63 100644
--- a/main.tf
+++ b/main.tf
@@ -13,9 +13,15 @@
 // limitations under the License.
 locals {
- github_organizations = toset([for repo in var.github_repositories : split("/", repo)[0]])
- oidc_provider_arn = var.enabled ? (var.create_oidc_provider ? aws_iam_openid_connect_provider.github[0].arn : data.aws_iam_openid_connect_provider.github[0].arn) : ""
- partition = data.aws_partition.current.partition
+ github_organizations = toset([
+ for repo in var.github_repositories : split("/", repo)[0]
+ ])
+ known_thumbprints = [
+ "1c58a3a8518e8759bf075b76b750d4f2df264fcd",
+ "6938fd4d98bab03faadb97b34396831e3780aea1",
+ ]
+ oidc_provider_arn = var.enabled ? (var.create_oidc_provider ? aws_iam_openid_connect_provider.github[0].arn : data.aws_iam_openid_connect_provider.github[0].arn) : ""
+ partition = data.aws_partition.current.partition
 }
 resource "aws_iam_role" "github" {
@@ -71,10 +77,16 @@ resource "aws_iam_openid_connect_provider" "github" {
 tags = var.tags
 url = "https://token.actions.githubusercontent.com%{if var.enterprise_slug != ""}/${var.enterprise_slug}%{endif}"
- thumbprint_list = var.additional_thumbprints != null ? distinct(
+ thumbprint_list = var.additional_thumbprints != null ? toset(
 concat(
+ local.known_thumbprints,
 [data.tls_certificate.github.certificates[0].sha1_fingerprint],
- [for thumbprint in var.additional_thumbprints : thumbprint]
+ [for thumbprint in var.additional_thumbprints : thumbprint],
 )
- ) : [data.tls_certificate.github.certificates[0].sha1_fingerprint]
+ ) : toset(
+ concat(
+ local.known_thumbprints,
+ [data.tls_certificate.github.certificates[0].sha1_fingerprint],
+ )
+ )
 }
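Review bot: `local.known_thumbprints` hard-codes two SHA-1 thumbprints without saying which certificates they belong to or when they were captured, so a maintainer cannot tell when one has gone stale or whether a proposed new value is legitimate — for a list that decides which signers IAM will trust on the GitHub OIDC provider, that provenance is the whole point of pinning. I would put a comment above the list, e.g. `# SHA-1 thumbprints pinned for the GitHub OIDC issuer's certificate chain; when adding or rotating one, record the issuing CA and the date so the value can be re-verified.` Whether these two values still match the chain served by token.actions.githubusercontent.com cannot be checked from the diff itself.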
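Review bot: The live fingerprint `data.tls_certificate.github.certificates[0].sha1_fingerprint` is still appended to `thumbprint_list` in both branches, so whatever chain the plan-time TLS fetch happened to return is pinned into IAM as a trusted signer next to `local.known_thumbprints`, with no check against the known set; a tampered or unexpected fetch therefore still lands in the provider's trust list. At minimum this assumption deserves a comment above the attribute, e.g. `# The fetched fingerprint is trusted as-is at plan time; known_thumbprints is the reviewed, pinned set.`, and which end of the chain `certificates[0]` is should be stated there too, since that depends on the tls provider's ordering. Separately, `[for thumbprint in var.additional_thumbprints : thumbprint]` is an identity comprehension that reads the same as `var.additional_thumbprints`, and the two branches differ only in that optional list, so the attribute collapses to one `toset(concat(...))` with the null case handled in the last argument, as below.
```hcl
  # … unchanged: tags, url …
  thumbprint_list = toset(concat(
    local.known_thumbprints,
    [data.tls_certificate.github.certificates[0].sha1_fingerprint],
    var.additional_thumbprints != null ? var.additional_thumbprints : [],
  ))
```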