diff --git a/.github/workflows/rhiza_docker.yml b/.github/workflows/rhiza_docker.yml
index 57d27ac2..1ff14399 100644
--- a/.github/workflows/rhiza_docker.yml
+++ b/.github/workflows/rhiza_docker.yml
@@ -60,5 +60,9 @@ jobs:
           docker buildx build \
             --file docker/Dockerfile \
             --tag "${REPO_NAME}:ci" \
+            --secret id=UV_EXTRA_INDEX_URL \
             --load \
             .
+        env:
+         UV_EXTRA_INDEX_URL: ${{ secrets.UV_EXTRA_INDEX_URL }}
+
diff --git a/docker/Dockerfile b/docker/Dockerfile
index ddb06750..b53307a9 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -15,7 +15,8 @@ USER app_user
 COPY --chown=app_user:app_user pyproject.toml uv.lock README.md src* ./
 
 # Install dependencies into .venv (no dev deps)
-RUN uv sync --frozen --no-dev --no-cache && \
+RUN --mount=type=secret,id=UV_EXTRA_INDEX_URL,env=UV_EXTRA_INDEX_URL \
+    uv sync --frozen --no-dev --no-cache && \
     # Install the package itself (non-editable, so src/ is not required afterwards) \
     uv pip install --no-deps .