diff --git a/docker/Dockerfile.hsm b/docker/Dockerfile.hsm
index 05c1ef82..a317ea27 100644
--- a/docker/Dockerfile.hsm
+++ b/docker/Dockerfile.hsm
@@ -1,23 +1,25 @@
-FROM golang:alpine AS builder
+FROM golang AS builder
 
 WORKDIR /src
 COPY . .
 
-RUN apk add --no-cache curl git make
-RUN apk add --no-cache gcc musl-dev pkgconf pcsc-lite-dev
+RUN apt-get update
+RUN apt-get install -y --no-install-recommends \
+        gcc pkgconf libpcsclite-dev
 RUN make V=1 download
 RUN make V=1 GOFLAGS="" build
 
-FROM smallstep/step-kms-plugin:latest AS kms
+FROM smallstep/step-kms-plugin:debian AS kms
 
-FROM smallstep/step-cli:latest
+FROM smallstep/step-cli:debian
 
 COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
 COPY --from=kms /usr/local/bin/step-kms-plugin /usr/local/bin/step-kms-plugin
 
 USER root
-RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
-RUN apk add --no-cache pcsc-lite pcsc-lite-libs
+RUN apt-get install -y --no-install-recommends libcap2-bin && \
+    setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
+RUN apt-get install -y --no-install-recommends pcscd libpcsclite1
 RUN mkdir -p /run/pcscd
 RUN chown step:step /run/pcscd
 USER step