diff --git a/.evergreen.yml b/.evergreen.yml
index 16b029e50..b7a6d2b52 100644
--- a/.evergreen.yml
+++ b/.evergreen.yml
@@ -6907,6 +6907,8 @@ functions:
         shell: bash
         env:
           NODE_JS_VERSION: ${node_js_version}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           {
@@ -6930,6 +6932,8 @@ functions:
           NODE_JS_VERSION: ${node_js_version}
           TEST_MONGOSH_EXECUTABLE: ${test_mongosh_executable|}
           KERBEROS_JUMPHOST_DOCKERFILE: ${kerberos_jumphost_dockerfile|}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           {
@@ -7223,6 +7227,8 @@ functions:
           DISTRO_ID_OVERRIDE: ${distro_id}
           PACKAGE_VARIANT: ${package_variant}
           ARTIFACT_URL_EXTRA_TAG: unsigned
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
   sign_artifact:
     - command: expansions.write
       type: setup
@@ -7329,6 +7335,8 @@ functions:
         shell: bash
         env:
           NODE_JS_VERSION: ${node_js_version}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           set -x
@@ -7343,6 +7351,8 @@ functions:
         shell: bash
         env:
           NODE_JS_VERSION: ${node_js_version}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           set -x
diff --git a/.evergreen/docker-config/bin/docker-credential-from-env b/.evergreen/docker-config/bin/docker-credential-from-env
new file mode 100755
index 000000000..7af2b9a47
--- /dev/null
+++ b/.evergreen/docker-config/bin/docker-credential-from-env
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -euo pipefail
+
+DOCKER_HUB_URL="https://index.docker.io/v1/"
+
+STDIN=$(cat)
+
+ACTION="$1"
+
+case "$ACTION" in
+  get)
+    SERVER_URL="$STDIN"
+
+    if [[ "$SERVER_URL" == "$DOCKER_HUB_URL" ]]; then
+      if [[ -z "${DOCKERHUB_USERNAME:-}" || -z "${DOCKERHUB_PASSWORD:-}" ]]; then
+        echo "Error: DOCKERHUB_USERNAME or DOCKERHUB_PASSWORD environment variables are not set." >&2
+        exit 1
+      fi
+
+      echo "{\"Username\": \"$DOCKERHUB_USERNAME\", \"Secret\": \"$DOCKERHUB_PASSWORD\"}"
+    else
+      echo "Error: No credentials available for $SERVER_URL" >&2
+      exit 1
+    fi
+    ;;
+
+  *)
+    echo "Unsupported action: $ACTION" >&2
+    exit 1
+    ;;
+esac
\ No newline at end of file
diff --git a/.evergreen/docker-config/config.json b/.evergreen/docker-config/config.json
new file mode 100644
index 000000000..353cd057b
--- /dev/null
+++ b/.evergreen/docker-config/config.json
@@ -0,0 +1,6 @@
+{
+	"auths": {
+		"https://index.docker.io/v1/": {}
+	},
+	"credsStore": "from-env"
+} 
diff --git a/.evergreen/evergreen.yml.in b/.evergreen/evergreen.yml.in
index a3c4138a9..73c0062a1 100644
--- a/.evergreen/evergreen.yml.in
+++ b/.evergreen/evergreen.yml.in
@@ -383,6 +383,8 @@ functions:
         shell: bash
         env:
           NODE_JS_VERSION: ${node_js_version}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           {
@@ -406,6 +408,8 @@ functions:
           NODE_JS_VERSION: ${node_js_version}
           TEST_MONGOSH_EXECUTABLE: ${test_mongosh_executable|}
           KERBEROS_JUMPHOST_DOCKERFILE: ${kerberos_jumphost_dockerfile|}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           {
@@ -635,6 +639,8 @@ functions:
           DISTRO_ID_OVERRIDE: ${distro_id}
           PACKAGE_VARIANT: ${package_variant}
           ARTIFACT_URL_EXTRA_TAG: unsigned
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
   sign_artifact:
     - command: expansions.write
       type: setup
@@ -741,6 +747,8 @@ functions:
         shell: bash
         env:
           NODE_JS_VERSION: ${node_js_version}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           set -x
@@ -755,6 +763,8 @@ functions:
         shell: bash
         env:
           NODE_JS_VERSION: ${node_js_version}
+          DOCKERHUB_USERNAME: ${dockerhub_username}
+          DOCKERHUB_PASSWORD: ${dockerhub_password}
         script: |
           set -e
           set -x
diff --git a/.evergreen/setup-env.sh b/.evergreen/setup-env.sh
index 8b9a38ad9..3d286a213 100755
--- a/.evergreen/setup-env.sh
+++ b/.evergreen/setup-env.sh
@@ -75,6 +75,9 @@ if [ "$OS" == "Windows_NT" ]; then
   export npm_config_logs_dir="$(cygpath -w "$npm_config_logs_dir")"
 fi
 
+export DOCKER_CONFIG="$BASEDIR/docker-config"
+export PATH="$BASEDIR/docker-config/bin:$PATH"
+
 echo "Running on:"
 uname -a
 
diff --git a/scripts/docker/build.sh b/scripts/docker/build.sh
index 0b4cbb865..15b359c9a 100755
--- a/scripts/docker/build.sh
+++ b/scripts/docker/build.sh
@@ -6,6 +6,11 @@ cd "$(dirname "$0")"
 # Used for verifying that we actually have a working csfle shared library
 [ -x node_modules/mongodb-crypt-library-version ] || ((cd ../.. && npm ci) && cp -r ../../node_modules node_modules)
 
+# we don't have credentials for registry.suse.com and docker now requires them due to our config
+if [[ "$1" == suse* ]]; then
+  unset DOCKER_CONFIG
+fi
+
 if [ x"$ARTIFACT_URL" = x"" ]; then
   SHA=`git rev-parse origin/main`
   VERSION=`git show ${SHA}:../../lerna.json | grep version | cut -d ":" -f 2 | cut -d '"' -f 2`