diff --git a/src/_base/application/overlay/Jenkinsfile.twig b/src/_base/application/overlay/Jenkinsfile.twig
index 87669f265..f117aab8f 100644
--- a/src/_base/application/overlay/Jenkinsfile.twig
+++ b/src/_base/application/overlay/Jenkinsfile.twig
@@ -68,12 +68,16 @@ pipeline {
 {% if bool(@('pipeline.publish.enabled')) %}
         stage('Publish') {
 {% set env = @('pipeline.publish.environment') %}
+{% set docker_registry_credential_id = @('docker.registry.credential_id') %}
 {% set ssh_credential_id = @('pipeline.publish.chart.git.ssh_credential_id') %}
-{% if env or ssh_credential_id %}
+{% if env or docker_registry_credential_id or ssh_credential_id %}
             environment {
 {% for key, value in env %}
                 {{ key }} = {{ value }}
 {% endfor %}
+{% if docker_registry_credential_id %}
+                DOCKER_REGISTRY_CREDS = credentials('{{ docker_registry_credential_id }}')
+{% endif %}
 {% if ssh_credential_id %}
                 WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY = credentials('{{ ssh_credential_id }}')
 {% endif %}
diff --git a/src/_base/harness/attributes/common.yml b/src/_base/harness/attributes/common.yml
index dfadbdb14..37306449f 100644
--- a/src/_base/harness/attributes/common.yml
+++ b/src/_base/harness/attributes/common.yml
@@ -104,8 +104,11 @@ attributes.default:
   docker:
     registry:
       url: = get_docker_registry(@('docker.repository'))
-      username: = @('docker.username') # for backwards compatibility
-      password: = @('docker.password') # for backwards compatibility
+      # A Username with Password Jenkins credential id
+      # Preferred over .username/.password to store credentials local development doesn't need
+      credential_id: ~
+      username: "= env('DOCKER_REGISTRY_CREDS_USR') ?: null"
+      password: "= env('DOCKER_REGISTRY_CREDS_PSW') ?: null"
     repository: = @("workspace.name")
     buildkit:
       enabled: true