diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index df394fa83e..930b0e36db 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -109,6 +109,13 @@ jobs:
 with:
 creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+ - name: Retrieve GitHub PAT secrets
+ id: retrieve-secret-pat
+ uses: bitwarden/gh-actions/get-keyvault-secrets@main
+ with:
+ keyvault: "bitwarden-ci"
+ secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
 - name: Login to PROD ACR
 run: az acr login -n ${_AZ_REGISTRY%.azurecr.io}
@@ -172,6 +179,8 @@ jobs:
 linux/arm64
 push: true
 tags: ${{ steps.image-name.outputs.name }}
+ secrets: |
+ "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
 - name: Scan Docker image
 id: container-scan
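Review bot: The added `Retrieve GitHub PAT secrets` step runs `bitwarden/gh-actions/get-keyvault-secrets@main`, a mutable branch ref, and its output is a GitHub PAT. Whatever is on `main` of that actions repository at run time executes inside the Azure Key Vault session and sees the token, so the code handling the credential is not fixed at review time. Pinning to a full commit SHA would close that gap, for example `uses: bitwarden/gh-actions/get-keyvault-secrets@<full-commit-sha>  # main`. It is also worth confirming that the action masks the retrieved value in logs, since that cannot be seen from this hunk. The job body starts and ends outside the hunk.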
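Review bot: The `secrets:` input added to the build step passes what the secret name suggests is a repo-scope PAT into the image build, and nothing in this diff shows how the Dockerfile consumes `GH_PAT`. A build secret stays out of the image only if it is read through `RUN --mount=type=secret,id=GH_PAT` and never copied into an `ARG`, an `ENV` or a file written in a layer. Because this step runs with `push: true`, any such copy would end up in the published multi-arch image, so the Dockerfile change should be reviewed together with this one. If the build only needs read access to a single repository, a fine-grained or GitHub App installation token limited to that repository would reduce the impact of a leak. The step's `uses:` line is outside the hunk.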