diff --git a/.dockerignore b/.dockerignore
index d802769..8d91290 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -10,6 +10,7 @@ build
 .dockerignore
 .gitignore
 Dockerfile
+*.Dockerfile
 Earthfile
 **/*.md
 **/*.license
diff --git a/Dockerfile b/Dockerfile
index 32fd141..071b37f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,8 +14,11 @@ RUN go test -v ./... \
     -ldflags "-X github.com/RiskIdent/jelease/cmd.appVersion=$VERSION" \
     -o build/jelease main.go
 
-FROM docker.io/library/alpine
-RUN apk add --no-cache ca-certificates patch git git-lfs helm
+# NOTE: When updating here, remember to also update in ./goreleaser.Dockerfile
+FROM docker.io/library/alpine AS final
+RUN apk add --no-cache ca-certificates diffutils patch git git-lfs helm \
+  && addgroup -g 10000 jelease \
+  && adduser -D -u 10000 -G jelease jelease
 COPY --from=build /jelease/build/jelease /usr/local/bin/
 CMD ["jelease", "serve"]
 USER 10000
diff --git a/goreleaser.Dockerfile b/goreleaser.Dockerfile
index a299e6c..692bb5a 100644
--- a/goreleaser.Dockerfile
+++ b/goreleaser.Dockerfile
@@ -2,8 +2,11 @@
 #
 # SPDX-License-Identifier: CC0-1.0
 
+# NOTE: When updating here, remember to also update in ./Dockerfile
 FROM docker.io/library/alpine
-RUN apk add --no-cache ca-certificates patch git git-lfs helm
+RUN apk add --no-cache ca-certificates diffutils patch git git-lfs helm \
+  && addgroup -g 10000 jelease \
+  && adduser -D -u 10000 -G jelease jelease
 COPY jelease /usr/local/bin/
 CMD ["jelease", "serve"]
 USER 10000