diff --git a/.github/workflows/build-publish-docker.yml b/.github/workflows/build-publish-docker.yml
index 5af392b..113ec2c 100644
--- a/.github/workflows/build-publish-docker.yml
+++ b/.github/workflows/build-publish-docker.yml
@@ -17,8 +17,6 @@ concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 env:
   HUSKY: 0
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
   PLATFORMS: linux/amd64,linux/arm64
@@ -70,5 +68,5 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
-            TURBO_TOKEN=${{ env.TURBO_TOKEN }}
-            TURBO_TEAM=${{ env.TURBO_TEAM }}
+            TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
+            TURBO_TEAM=${{ vars.TURBO_TEAM }}
diff --git a/Dockerfile b/Dockerfile
index 7c9ed98..afad437 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,7 @@ FROM node:20-alpine AS base
 ARG TURBO_TEAM
 ENV TURBO_TEAM=$TURBO_TEAM
 
-ARG TURBO_TOKEN
-ENV TURBO_TOKEN=$TURBO_TOKEN
+RUN --mount=type=secret,id=TURBO_TOKEN,env=TURBO_TOKEN
 
 ENV PNPM_HOME="/pnpm"
 ENV PATH="$PNPM_HOME:$PATH"