diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8179f9f..27d4d1e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -76,6 +76,10 @@ on: type: string description: "List of target platforms to build" required: false + secrets: + type: string + description: "List of secrets to expose to the build" + required: false push: type: boolean description: "Push image to the registry (for image output)" @@ -90,6 +94,10 @@ on: type: string description: "Size of /dev/shm (e.g., 2g)" required: false + ssh: + type: string + description: "List of SSH agent socket or keys to expose to the build" + required: false sign: type: string description: "Sign attestation manifest for image output or artifacts for local output, can be one of auto, true or false. The auto mode will enable signing if push is enabled for pushing the image or if artifact-upload is enabled for uploading the local build output as GitHub Artifact" @@ -133,6 +141,9 @@ on: github-token: description: "GitHub Token used to authenticate against the repository for Git context" required: false + ssh-private-key: + description: "SSH private key used to populate SSH_AUTH_SOCK for buildx SSH mounts" + required: false outputs: meta-json: description: "Metadata JSON output (for image output)" @@ -653,6 +664,14 @@ jobs: uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry-auth: ${{ secrets.registry-auths }} + - + name: Set up ssh-agent + if: ${{ inputs.ssh }} + shell: bash + run: | + eval "$(ssh-agent -s)" + echo "${{ secrets.ssh-private-key }}" | tr -d '\r' | ssh-add - + echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" - name: Build id: build 
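Review bot: The new `secrets` entry in the first hunk is declared under `inputs:` with `type: string`, so whatever a caller passes through it is an ordinary workflow input: it is not masked in the job log and, as far as I can tell from the Actions context rules, a calling workflow cannot reference its own `secrets` context inside `with:`, so this input cannot actually carry secret values. The forwarding line `secrets: ${{ inputs.secrets }}` in the last hunk (on the following line of this page) therefore only works for non-sensitive `id=...,src=...` or `KEY=VALUE` entries. If callers are meant to supply sensitive build secrets, the value belongs in the `secrets:` block the way `ssh-private-key` is declared in the third hunk, or it should go through the existing `secret-envs` path. At minimum the description should state the limitation, e.g. `description: "List of build secrets (id=...,src=... or KEY=VALUE) passed as a plain input; values are not masked, do not put secret material here"`.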
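Review bot: In the ssh-agent step of the fourth hunk the key is interpolated straight into the script body with `echo "${{ secrets.ssh-private-key }}"`, which writes the key material into the generated step script and depends on `echo` not interpreting its contents; the documented pattern is to hand it over through an intermediate environment variable and emit it with `printf`. The step also runs whenever `inputs.ssh` is non-empty even if `ssh-private-key` was not supplied, in which case `ssh-add -` fails on empty input and the job fails for callers that rely on an agent already present on the runner, so the condition should check both. On non-ephemeral runners the loaded key remains in the agent after the job; exporting `SSH_AGENT_PID` next to `SSH_AUTH_SOCK` and adding an `if: always()` cleanup step that runs `ssh-agent -k` would close that. The surrounding `steps:` list continues outside the hunk.
```yaml
      -
        name: Set up ssh-agent
        if: ${{ inputs.ssh != '' && secrets.ssh-private-key != '' }}
        # … unchanged: shell: bash …
        env:
          SSH_PRIVATE_KEY: ${{ secrets.ssh-private-key }}
        run: |
          eval "$(ssh-agent -s)"
          printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
          # … unchanged: export SSH_AUTH_SOCK to GITHUB_ENV …
```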
@@ -669,8 +688,10 @@ jobs: platforms: ${{ steps.prepare.outputs.platform }} provenance: ${{ steps.prepare.outputs.provenance }} sbom: ${{ steps.prepare.outputs.sbom }} + secrets: ${{ inputs.secrets }} secret-envs: GIT_AUTH_TOKEN=GIT_AUTH_TOKEN shm-size: ${{ inputs.shm-size }} + ssh: ${{ inputs.ssh }} target: ${{ inputs.target }} ulimit: ${{ inputs.ulimit }} env: