diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9da6568ade..1cb815eb68 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -168,15 +168,15 @@ jobs:
       - run: kubectl config use-context arn:aws:eks:eu-west-1:955332203423:cluster/staging-eu-west-1-hosting
       - name: Deploy in staging
         run: |
-          kubectl set image deployment -n formance-system agent agent=ghcr.io/formancehq/agent:${GITHUB_SHA}
-          kubectl set image deployment -n formance-system operator operator=ghcr.io/formancehq/operator:${GITHUB_SHA}
-          kubectl patch Versions default -p "{\"spec\":{\"ledger\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"payments\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"auth\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"gateway\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"orchestration\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"reconciliation\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"search\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"stargate\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"wallets\": \"${GITHUB_SHA}\"}}" --type=merge
-          kubectl patch Versions default -p "{\"spec\":{\"webhooks\": \"${GITHUB_SHA}\"}}" --type=merge
+          kubectl set image deployment -n formance-system agent agent=ghcr.io/formancehq/agent:${GITHUB_SHA}-scratch
+          kubectl set image deployment -n formance-system operator operator=ghcr.io/formancehq/operator:${GITHUB_SHA}-scratch
+          kubectl patch Versions default -p "{\"spec\":{\"ledger\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"payments\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"auth\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"gateway\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"orchestration\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"reconciliation\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"search\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"stargate\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"wallets\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
+          kubectl patch Versions default -p "{\"spec\":{\"webhooks\": \"${GITHUB_SHA}-scratch\"}}" --type=merge
diff --git a/components/fctl/scratch.Dockerfile b/components/fctl/scratch.Dockerfile
index 78f17c4370..6ee5efb0f1 100644
--- a/components/fctl/scratch.Dockerfile
+++ b/components/fctl/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY fctl /usr/bin/fctl
 ENV OTEL_SERVICE_NAME fctl
 ENTRYPOINT ["/usr/bin/fctl"]
diff --git a/components/ledger/scratch.Dockerfile b/components/ledger/scratch.Dockerfile
index 442e570f88..2193c52c34 100644
--- a/components/ledger/scratch.Dockerfile
+++ b/components/ledger/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY ledger /usr/bin/ledger
 ENV OTEL_SERVICE_NAME ledger
 ENTRYPOINT ["/usr/bin/ledger"]
diff --git a/components/operator/scratch.Dockerfile b/components/operator/scratch.Dockerfile
index 670c7732d2..834fbefec0 100644
--- a/components/operator/scratch.Dockerfile
+++ b/components/operator/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY operator /usr/bin/operator
 ENV OTEL_SERVICE_NAME operator
 ENTRYPOINT ["/usr/bin/operator"]
diff --git a/components/payments/scratch.Dockerfile b/components/payments/scratch.Dockerfile
index a6dcd06e59..462521ee8f 100644
--- a/components/payments/scratch.Dockerfile
+++ b/components/payments/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY payments /usr/bin/payments
 ENV OTEL_SERVICE_NAME payments
 ENTRYPOINT ["/usr/bin/payments"]
diff --git a/ee/agent/scratch.Dockerfile b/ee/agent/scratch.Dockerfile
index e5a69e5e7b..df70b03a88 100644
--- a/ee/agent/scratch.Dockerfile
+++ b/ee/agent/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY agent /usr/bin/agent
 ENV OTEL_SERVICE_NAME agent
 ENTRYPOINT ["/usr/bin/agent"]
diff --git a/ee/auth/scratch.Dockerfile b/ee/auth/scratch.Dockerfile
index 3584029ade..0bf0ff79f0 100644
--- a/ee/auth/scratch.Dockerfile
+++ b/ee/auth/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY auth /usr/bin/auth
 ENV OTEL_SERVICE_NAME auth
 ENTRYPOINT ["/usr/bin/auth"]
diff --git a/ee/gateway/scratch.Dockerfile b/ee/gateway/scratch.Dockerfile
index 90a0875660..3b421b65f4 100644
--- a/ee/gateway/scratch.Dockerfile
+++ b/ee/gateway/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 ADD https://raw.githubusercontent.com/formancehq/stack/main/ee/gateway/Caddyfile /etc/caddy/Caddyfile
 COPY gateway /usr/bin/caddy
 ENV OTEL_SERVICE_NAME gateway
diff --git a/ee/orchestration/scratch.Dockerfile b/ee/orchestration/scratch.Dockerfile
index 0c96c07704..e2c9ddc54a 100644
--- a/ee/orchestration/scratch.Dockerfile
+++ b/ee/orchestration/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY orchestration /usr/bin/orchestration
 ENV OTEL_SERVICE_NAME orchestration
 ENTRYPOINT ["/usr/bin/orchestration"]
diff --git a/ee/reconciliation/scratch.Dockerfile b/ee/reconciliation/scratch.Dockerfile
index 3cfa3475e6..bcb0fdb9c3 100644
--- a/ee/reconciliation/scratch.Dockerfile
+++ b/ee/reconciliation/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY reconciliation /usr/bin/reconciliation
 ENV OTEL_SERVICE_NAME reconciliation
 ENTRYPOINT ["/usr/bin/reconciliation"]
diff --git a/ee/search/scratch.Dockerfile b/ee/search/scratch.Dockerfile
index 612d243a2b..7ff67fb8a4 100644
--- a/ee/search/scratch.Dockerfile
+++ b/ee/search/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY search /usr/bin/search
 ENV OTEL_SERVICE_NAME search
 ENTRYPOINT ["/usr/bin/search"]
diff --git a/ee/stargate/scratch.Dockerfile b/ee/stargate/scratch.Dockerfile
index 2630de761f..f1b5533b36 100644
--- a/ee/stargate/scratch.Dockerfile
+++ b/ee/stargate/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY stargate /usr/bin/stargate
 ENV OTEL_SERVICE_NAME stargate
 ENTRYPOINT ["/usr/bin/stargate"]
diff --git a/ee/wallets/scratch.Dockerfile b/ee/wallets/scratch.Dockerfile
index ea752500ea..05e6dc2bca 100644
--- a/ee/wallets/scratch.Dockerfile
+++ b/ee/wallets/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY wallets /usr/bin/wallets
 ENV OTEL_SERVICE_NAME wallets
 ENTRYPOINT ["/usr/bin/wallets"]
diff --git a/ee/webhooks/scratch.Dockerfile b/ee/webhooks/scratch.Dockerfile
index 43a566e3b9..a93bf17f37 100644
--- a/ee/webhooks/scratch.Dockerfile
+++ b/ee/webhooks/scratch.Dockerfile
@@ -1,4 +1,8 @@
+FROM alpine:latest as certs
+RUN apk --update add ca-certificates
+
 FROM scratch
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY webhooks /usr/bin/webhooks
 ENV OTEL_SERVICE_NAME webhooks
 ENTRYPOINT ["/usr/bin/webhooks"]