diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 212ed651d69a3a6af329621e1bf3775ec40d126b..dca64a53de18d74090fa4f20f0596b9e39179a4b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -63,6 +63,9 @@ stages:
       - OPENTOFU_VERSION: !reference [.data, supported_versions]
 
 variables:
+  # Pipeline configuration
+  DOCKER_DIND_IMAGE: "docker:26.1.4-dind"
+
   # OpenTofu variables
   LATEST_OPENTOFU_VERSION: !reference [.data, latest_version]
 
@@ -85,18 +88,31 @@ check-semantic-version:
 gitlab-opentofu-image:build:
   extends: .opentofu-versions
   stage: build
-  image: quay.io/containers/buildah:v1.36.0
+  services:
+    - "$DOCKER_DIND_IMAGE"
+  image: "$DOCKER_DIND_IMAGE"
   before_script:
-    - buildah login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+    - apk add git
+    # See note on the `build terraform` job about this image
+    - docker run --rm --privileged tonistiigi/binfmt
+    # Registry auth
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
   script:
-    - buildah build
+    - docker buildx create --use
+    # NOTE: we disable provenance for now
+    # because it causes troubles with the registry and older clients.
+    # See
+    # - https://gitlab.com/gitlab-org/terraform-images/-/issues/104
+    # - https://gitlab.com/gitlab-org/terraform-images/-/merge_requests/184#note_1328485943
+    - docker buildx build
       --platform "$PLATFORMS"
       --build-arg BASE_IMAGE=$BASE_IMAGE
       --build-arg OPENTOFU_VERSION=$OPENTOFU_VERSION
       --file Dockerfile
       --tag "$GITLAB_OPENTOFU_IMAGE_NAME"
+      --provenance=false
+      --push
       .
-    - buildah push "$GITLAB_OPENTOFU_IMAGE_NAME"
   rules:
     - if: $CI_COMMIT_TAG
     - changes: