diff --git a/crates/bws/Dockerfile b/crates/bws/Dockerfile
index 4f16f8e6c..cc9e1c481 100644
--- a/crates/bws/Dockerfile
+++ b/crates/bws/Dockerfile
@@ -15,27 +15,35 @@ COPY . /app
 
 # Build project
 WORKDIR /app/crates/bws
-RUN cargo build --release
+RUN cargo build --release --bin bws
+
+# Bundle bws dependencies
+RUN mkdir /lib-bws
+RUN ldd /app/target/release/bws | tr -s '[:blank:]' '\n' | grep '^/' | xargs -I % cp % /lib-bws
+
+# Make a HOME directory for the app stage
+RUN mkdir -p /home/app
 
 ###############################################
 #                  App stage                  #
 ###############################################
-FROM debian:bookworm-slim
+FROM scratch
 
 ARG TARGETPLATFORM
 LABEL com.bitwarden.product="bitwarden"
 
+# Set a HOME directory
+COPY --from=build /home/app /home/app
+ENV HOME=/home/app
+
 # Copy built project from the build stage
 WORKDIR /usr/local/bin
 COPY --from=build /app/target/release/bws .
-COPY --from=build /etc/ssl/certs /etc/ssl/certs
-
-# Create a non-root user
-RUN useradd -ms /bin/bash app
 
-# Switch to the non-root user
-USER app
+# Copy certs
+COPY --from=build /etc/ssl/certs /etc/ssl/certs
 
-WORKDIR /home/app
+# Copy bws dependencies
+COPY --from=build /lib-bws /lib
 
 ENTRYPOINT ["bws"]