diff --git a/src/agent/protocols/protos/agent.proto b/src/agent/protocols/protos/agent.proto
index 4775411b75..76b42e0552 100644
--- a/src/agent/protocols/protos/agent.proto
+++ b/src/agent/protocols/protos/agent.proto
@@ -518,4 +518,5 @@ message Metrics {
 message PullImageRequest {
 	string image = 1;
 	string container_id = 2;
+	string source_creds = 3;
 }
diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs
index 880bd55c25..506910218b 100644
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
@@ -685,8 +685,9 @@ impl protocols::agent_ttrpc::AgentService for AgentService {
     ) -> ttrpc::Result<protocols::empty::Empty> {
         let image = req.get_image();
         let cid = req.get_container_id();
+        let source_creds = (!req.get_source_creds().is_empty()).then(|| req.get_source_creds());
 
-        pull_image_from_registry(image, cid)
+        pull_image_from_registry(image, cid, &source_creds)
             .map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;
         unpack_image(cid).map_err(|e| ttrpc_error(ttrpc::Code::INTERNAL, e.to_string()))?;
 
@@ -1722,7 +1723,7 @@ fn load_kernel_module(module: &protocols::agent::KernelModule) -> Result<()> {
     }
 }
 
-fn pull_image_from_registry(image: &str, cid: &str) -> Result<()> {
+fn pull_image_from_registry(image: &str, cid: &str, source_creds: &Option<&str>) -> Result<()> {
     let source_image = format!("{}{}", "docker://", image);
 
     let manifest_path = format!("/tmp/{}/image_manifest", cid);
@@ -1735,11 +1736,19 @@ fn pull_image_from_registry(image: &str, cid: &str) -> Result<()> {
     fs::create_dir_all(&manifest_path)?;
     fs::create_dir_all(&oci_path)?;
 
-    let status: ExitStatus = Command::new(SKOPEO_PATH)
+    info!(sl!(), "Attempting to pull image {}...", &source_image);
+
+    let mut pull_command = Command::new(SKOPEO_PATH);
+    pull_command
         .arg("copy")
         .arg(source_image)
-        .arg(&target_path_manifest)
-        .status()?;
+        .arg(&target_path_manifest);
+
+    if let Some(source_creds) = source_creds {
+        pull_command.arg("--src-creds").arg(source_creds);
+    }
+
+    let status: ExitStatus = pull_command.status()?;
 
     if !status.success() {
         return Err(anyhow!(format!("failed to pull image: {:?}", status)));
diff --git a/tools/agent-ctl/src/client.rs b/tools/agent-ctl/src/client.rs
index 5ff801278b..9eb4a9b572 100644
--- a/tools/agent-ctl/src/client.rs
+++ b/tools/agent-ctl/src/client.rs
@@ -1951,9 +1951,11 @@ fn agent_cmd_pull_image(
 
     let image = utils::get_option("image", options, args);
     let cid = utils::get_option("cid", options, args);
+    let source_creds = utils::get_option("source_creds", options, args);
 
     req.set_image(image);
     req.set_container_id(cid);
+    req.set_source_creds(source_creds);
 
     debug!(sl!(), "sending request"; "request" => format!("{:?}", req));