diff --git a/Dockerfile b/Dockerfile
index 6ef42cc0..2c546ed3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,12 +14,19 @@ RUN CGO_ENABLED=0 make local build
 # CI tools expect an interactive shell inside the container
 FROM alpine:3.13.5 as production
 
+RUN mkdir /home/yq/
+RUN addgroup -g 1000 yq && \
+    adduser -u 1000 -G yq -s /bin/bash -h /home/yq -D yq
+RUN chown -R yq:yq /home/yq/
+
 COPY --from=builder /go/src/mikefarah/yq/yq /usr/bin/yq
 RUN chmod +x /usr/bin/yq
 
 ARG VERSION=none
 LABEL version=${VERSION}
 
+USER yq
+
 WORKDIR /workdir
 
 ENTRYPOINT ["/usr/bin/yq"]