diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 76a37a5..449164d 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -39,11 +39,13 @@ jobs:
 with:
 extra_nix_config: |
 access-tokens = github.com=${{ github.token }}
- - uses: cachix/cachix-action@v14
- continue-on-error: true
- with:
- name: nixsgx
- authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ # Cache any artifacts that aren't already cached at https://cache.nixos.org
+ - name: Enable magic Nix cache
+ uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Use nixsgx cache
+ run: |
+ nix-env -iA cachix -f https://cachix.org/api/v1/install
+ cachix use nixsgx
 - name: cargo clippy
 run: nix develop -L --ignore-environment -c cargo clippy --all --locked
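Review bot: The added `uses: DeterminateSystems/magic-nix-cache-action@main` tracks a mutable branch, so any commit that lands there runs inside this job on the next build. The checkout and install-nix-action steps added in the next hunk are pinned to commit SHAs, and this one should match, e.g. `uses: DeterminateSystems/magic-nix-cache-action@<full-commit-sha> # <release>`. The `Use nixsgx cache` step has a related problem: `nix-env -iA cachix -f https://cachix.org/api/v1/install` downloads and evaluates an unpinned Nix expression on every run, and with `continue-on-error: true` removed, an outage of that endpoint now fails the job. Consider taking cachix from a locked input, or dropping the install and declaring the read-only cache in `extra_nix_config` with `extra-substituters` / `extra-trusted-public-keys`. The same lines are added again in the new `push_to_docker` job in the next hunk, where they run in a job that also logs in to Docker Hub; the steps list itself starts above this hunk.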
@@ -55,32 +57,49 @@ jobs:
 with:
 extra_nix_config: |
 access-tokens = github.com=${{ github.token }}
- - uses: cachix/cachix-action@v14
- continue-on-error: true
- with:
- name: nixsgx
- authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 # Cache any artifacts that aren't already cached at https://cache.nixos.org
 - name: Enable magic Nix cache
 uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Use nixsgx cache
+ run: |
+ nix-env -iA cachix -f https://cachix.org/api/v1/install
+ cachix use nixsgx
+
 - name: nix build
 run: nix run nixpkgs#nixci
+ push_to_docker:
+ if: ${{ github.event_name == 'push' }}
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+ - uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
+ with:
+ extra_nix_config: |
+ access-tokens = github.com=${{ github.token }}
+
+ # Cache any artifacts that aren't already cached at https://cache.nixos.org
+ - name: Enable magic Nix cache
+ uses: DeterminateSystems/magic-nix-cache-action@main
+
+ - name: Use nixsgx cache
+ run: |
+ nix-env -iA cachix -f https://cachix.org/api/v1/install
+ cachix use nixsgx
+
 - name: Log in to Docker Hub
- if: ${{ github.event_name == 'push' }}
 uses: docker/login-action@v3
 with:
 username: ${{ secrets.DOCKERHUB_USER }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 - name: Load and push
- if: ${{ github.event_name == 'push' }}
 run: |
 nix build -L .#container-verify-attestation
 export IMAGE_TAG=$(docker load < result | grep -Po 'Loaded image.*: \K.*')
 echo "Pushing image ${IMAGE_TAG} to Docker Hub"
 echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV
- docker push "${IMAGE_TAG}"
- docker push "${IMAGE_TAG%:*}:latest"
+ docker push matterlabsrobot/"${IMAGE_TAG}"
+ docker push matterlabsrobot/"${IMAGE_TAG%:*}:latest"
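Review bot: The new `push_to_docker` job declares no `needs:`, so on a push it runs in parallel with the clippy and `nix build` jobs and can publish an image to Docker Hub, including `:latest`, even when those fail. Before this change the login and push steps followed `nix run nixpkgs#nixci` in the same job, so a failed build stopped the push. Add `needs: [<lint-job-id>, <build-job-id>]` under the job's `if:` (the job ids are outside the hunk). Separately, `docker push matterlabsrobot/"${IMAGE_TAG}"` pushes a name that `docker load` did not create unless the image is tagged somewhere not shown; no `docker tag` is visible here, so confirm that or add `docker tag "${IMAGE_TAG}" matterlabsrobot/"${IMAGE_TAG}"` before each push. Because this job holds registry credentials, a job-level `permissions:` block limited to `contents: read` would also be worth adding if the workflow does not already set one.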