diff --git a/.drone.star b/.drone.star index 13af026..7e600d7 100644 --- a/.drone.star +++ b/.drone.star @@ -1,6 +1,6 @@ -""" +''' This config defines the Drone CI pipelines for building and publishing Squish images for ownCloud CI. -""" +''' versions = { # : @@ -20,7 +20,16 @@ def main(ctx): 'from_secret': 'squish_download_s3secret', }, 'licensekey': { - 'from_secret': 'squish_licensekey', + 'from_secret': 'squish_licensekey_new', + }, + 'ghostunnel_ca_cert': { + 'from_secret': 'ghostunnel_ca_cert', + }, + 'ghostunnel_client_cert': { + 'from_secret': 'ghostunnel_client_cert', + }, + 'ghostunnel_client_key': { + 'from_secret': 'ghostunnel_client_key', }, } @@ -63,6 +72,10 @@ def docker(config): 'arch': config['arch'], }, 'steps': steps(config), + 'volumes': volumes(config), + 'workspace':{ + 'path': '/drone/src', + }, 'depends_on': [], 'trigger': { 'ref': [ @@ -72,6 +85,15 @@ def docker(config): }, } + +def volumes(config): + return [ + { + 'name': 'docker', + 'temp': {}, + }, + ] + def documentation(config): return { 'kind': 'pipeline', @@ -164,20 +186,32 @@ def notification(config): }, } + + def dryrun(config): return [{ 'name': 'dryrun', - 'image': 'plugins/docker', + 'image': 'docker.io/owncloudci/drone-docker-buildx:4', 'environment':{ 'S3SECRET': config['s3secret'], 'LICENSEKEY': config['licensekey'], + 'CACERT': config['ghostunnel_ca_cert'], + 'CLIENTKEY': config['ghostunnel_client_key'], + 'CLIENTCERT': config['ghostunnel_client_cert'], }, 'settings': { 'dry_run': True, 'tags': config['tags'], 'dockerfile': '%s/Dockerfile.%s' % (config['path'], config['arch']), 'repo': 'owncloudci/%s' % config['repo'], + 'secrets': ['id=cacert\\\\,env=CACERT', 'id=client-cert\\\\,env=CLIENTCERT', 'id=client-key\\\\,env=CLIENTKEY'], 'context': config['path'], + 'volumes': [ + { + 'name': 'docker', + 'path': '/dockerabc', + }, + ], 'build_args': [ 'SQUISHVERSION=%s' % config['squishversion'][config['version']], 'BASETAG=%s' % config['base_image_tag'], 
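Review bot: In the `dryrun` hunk of `.drone.star`, the new `'volumes'` list is nested inside `'settings'`, so Drone passes it to the plugin as a setting instead of mounting the pipeline's `docker` temp volume into the step; step mounts belong at the same level as `'image'` and `'settings'`. The mount path `/dockerabc` also reads like a debugging placeholder. If the mount is needed, move the list up one level with the path the build plugin actually uses, otherwise drop it along with the `volumes(config)` helper and the pipeline-level `'volumes'` entry. Since this step now receives the ghostunnel client key through `CLIENTKEY`, consider pinning `docker.io/owncloudci/drone-docker-buildx:4` by digest rather than by a mutable tag. The body of `dryrun` continues past the end of the hunk.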
@@ -232,6 +266,5 @@ def publish(config): }] - def steps(config): - return dryrun(config) + publish(config) + return dryrun(config) diff --git a/fedora/Dockerfile.amd64 b/fedora/Dockerfile.amd64 index 91a6850..61c5c92 100644 --- a/fedora/Dockerfile.amd64 +++ b/fedora/Dockerfile.amd64 @@ -6,11 +6,17 @@ FROM ${BASE}:${BASETAG} AS stage-build ARG ARG_CLIENT_BRANCH ARG ARG_CLIENT_BUILD_TARGET +RUN ls -l / +#RUN --mount=type=secret,id=cacert --mount=type=secret,id=client-key --mount=type=secret,id=client-cert cp /run/secrets/* /drone/src/ +RUN --mount=type=secret,id=cacert cp /run/secrets/cacert /drone/src/ + ENV OWNBUILD_DIR=/ownbuild ENV CLIENT_BRANCH=${ARG_CLIENT_BRANCH:-master} ENV CLIENT_BUILD_TARGET=${ARG_CLIENT_BUILD_TARGET:-linux-64-gcc-debug} RUN dnf install -y \ + ss \ + telnet \ git-core \ cmake \ ninja-build \ @@ -38,6 +44,10 @@ RUN mkdir -p ${OWNBUILD_DIR}/${CLIENT_BRANCH} && \ find ./ -name *doc | xargs rm -rf && \ find ./ -name *man | xargs rm -rf + +# Install ghostunnel for secured access to the squish license server +RUN curl -L https://github.com/ghostunnel/ghostunnel/releases/download/v1.8.4/ghostunnel-linux-amd64 -so /opt/ghostunnel && chmod +x /opt/ghostunnel + ############################################ # Validate system and Squish Qt version # ############################################ diff --git a/fedora/src/startup/common.sh b/fedora/src/startup/common.sh index 0793d3b..a1956e2 100644 --- a/fedora/src/startup/common.sh +++ b/fedora/src/startup/common.sh 
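Review bot: With `publish(config)` dropped from `steps` in the last `.drone.star` hunk, the pipeline only runs the dry-run build, and `publish` appears to be left without a caller, so no image is pushed any more. If this is a temporary state for testing the tunnel setup, restore `return dryrun(config) + publish(config)` before merging. If it is intended, remove `publish` as well so the file does not suggest that images are still published.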
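Review bot: In the first `fedora/Dockerfile.amd64` hunk, `RUN --mount=type=secret,id=cacert cp /run/secrets/cacert /drone/src/` copies the mounted secret into the image filesystem, so it ends up in a layer of `stage-build` and the secret mount no longer keeps it out of the image. The commented-out variant would do the same for the client key. Only `cacert` is copied, while the `install_squish` change in `fedora/src/startup/common.sh` also reads `/drone/src/client-key` and `/drone/src/client-cert`. Providing the three files to the container when it starts, instead of at build time, would avoid both problems. `RUN ls -l /` and the added `ss` and `telnet` packages look like debugging leftovers and should be removed before merge.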
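Review bot: The ghostunnel binary in the second `fedora/Dockerfile.amd64` hunk is downloaded and made executable with no integrity check. Because `curl -L ... -s` is used without `-f`, an HTTP error page would be saved as `/opt/ghostunnel` and the build would still succeed. Pin the expected digest and fail on mismatch, for example `curl -fsSL <url> -o /opt/ghostunnel && echo "<EXPECTED_SHA256>  /opt/ghostunnel" | sha256sum -c - && chmod +x /opt/ghostunnel`. Here `<EXPECTED_SHA256>` is a placeholder for the digest of the v1.8.4 asset once it has been reviewed.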
@@ -7,10 +7,23 @@ SQUISH_INSTALL_LOG="${HOME}/squish-installation.log" mkdir -p "${HOME}" function install_squish() { + + # TODO nicer + # ghostunnel stuff + + echo "Starting ghostunnel" + /opt/ghostunnel client \ + --listen localhost:8003 \ + --target "$LICENSEKEY" \ + --cacert /drone/src/cacert \ + --key /drone/src/client-key \ + --cert /drone/src/client-cert & + + echo "[SQUISH] Installing squish..." echo "[SQUISH] Installation report: ${SQUISH_INSTALL_LOG}" - /opt/squish.run unattended=1 ide=0 doc=0 examples=0 targetdir="${SQUISH_INSTALL_DIR}" licensekey="${LICENSEKEY}" >>"${SQUISH_INSTALL_LOG}" 2>&1 + /opt/squish.run unattended=1 ide=0 doc=0 examples=0 targetdir="${SQUISH_INSTALL_DIR}" licensekey="localhost:8003" >>"${SQUISH_INSTALL_LOG}" 2>&1 result=$? if [[ $result -ne 0 ]]; then
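Review bot: `install_squish` starts ghostunnel with `&` and runs `/opt/squish.run` right away, so the installer can try `localhost:8003` before the tunnel is listening. A ghostunnel that exits at once (for example because `/drone/src/client-key` is missing) would probably only surface as an installer failure in the install log. Record the PID, wait for the listener, and stop with a clear message if it never comes up, as sketched below. `LICENSEKEY` now carries the tunnel target rather than a licence key, which deserves a comment or a rename. The function body continues past the end of the hunk.

```shell
    # … unchanged: /opt/ghostunnel client … --cert /drone/src/client-cert & …
    local tunnel_pid=$!
    local tunnel_ready=0

    # Poll the local listener; give up early if ghostunnel has already exited.
    for _ in {1..30}; do
        kill -0 "$tunnel_pid" 2>/dev/null || break
        if (exec 3<>/dev/tcp/localhost/8003) 2>/dev/null; then
            tunnel_ready=1
            break
        fi
        sleep 1
    done

    if [[ $tunnel_ready -ne 1 ]]; then
        echo "[SQUISH] ghostunnel did not come up on localhost:8003" >&2
        return 1
    fi
    # … unchanged: "[SQUISH] Installing squish..." and the /opt/squish.run call …
```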