diff --git a/README.md b/README.md
index 88852b1..a7ccd7c 100644
--- a/README.md
+++ b/README.md
@@ -104,6 +104,7 @@ your repository.
| github
features
wiki `boolean` |false| Enable Wiki tab.|
| github
features
issues `boolean` |false| Enable issues tab.|
| github
features
projects `boolean` |false| Enable projects tab.|
+| github_workflows
build
extra_docker_build_args `object` |{}| Key-value pairs to use as build args during the docker build step of build and release workflow|
| reviewdog
platforms `array` |[]| A broad way to categorize programming languages, libraries, and frameworks, and for which we have an external tool we can use to assure code quality during review. Accepted values:`php`,`twig`,||
| devcontainer
custom_docker_compose_yaml `boolean` |false| When enabled the compose file located at .devcontainer/docker-compose.yaml will no longer get automatically updated. Allowing users to customize their docker-compose setup.|
| devcontainer
postCreateCommand `string` |-| Additional (shell) commands to run when the containers is created. For a typical project you would specify commands that only need to run once when the project is setup. For example you might add a command in here to load database fixtures for your project.|
diff --git a/docs/partials/readme.configuration.md b/docs/partials/readme.configuration.md
index 343749f..49210fc 100644
--- a/docs/partials/readme.configuration.md
+++ b/docs/partials/readme.configuration.md
@@ -29,6 +29,7 @@
| github
features
wiki `boolean` |false| Enable Wiki tab.|
| github
features
issues `boolean` |false| Enable issues tab.|
| github
features
projects `boolean` |false| Enable projects tab.|
+| github_workflows
build
extra_docker_build_args `object` |{}| Key-value pairs to use as build args during the docker build step of build and release workflow|
| reviewdog
platforms `array` |[]| A broad way to categorize programming languages, libraries, and frameworks, and for which we have an external tool we can use to assure code quality during review. Accepted values:`php`,`twig`,||
| devcontainer
custom_docker_compose_yaml `boolean` |false| When enabled the compose file located at .devcontainer/docker-compose.yaml will no longer get automatically updated. Allowing users to customize their docker-compose setup.|
| devcontainer
postCreateCommand `string` |-| Additional (shell) commands to run when the containers is created. For a typical project you would specify commands that only need to run once when the project is setup. For example you might add a command in here to load database fixtures for your project.|
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 60d74ac..44a57b6 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -12,3 +12,10 @@ default_devcontainer_customizations_vscode:
- repo.yaml
# YAML extension by RedHat that prompts on each new devcontainer to enable telemetry
"redhat.telemetry.enabled": false
+
+default_docker_build_args:
+ PACKAGIST_USER: token
+ PACKAGIST_TOKEN: "{{ '${{ secrets.PACKAGIST_TOKEN }}' }}"
+ # XXX we need this intricate value escaping in here, because Ansible will try to evaluate the value when we
+ # merge this default with any user provided build args. Since GitHub workflow secrets look very much like Jinja2
+ # template interpolation, playbook will fail.
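Review bot: `default_docker_build_args` makes `PACKAGIST_TOKEN` a default docker build arg, and build args are not a confidential channel: their values can show up in `docker history` and build metadata. Depending on how the Dockerfile (not visible here) consumes the arg, the token may be recoverable from the pushed image or from the `type=gha` cache. The workflow already passed the token this way before this commit, but now that it is a named default I would add `# NOTE: build args are visible in image history; prefer a BuildKit secret mount for credentials` above the key, and consider moving the token to a build secret. The XXX comment explaining the escaping would also be easier to find directly above `PACKAGIST_TOKEN` rather than after it.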
diff --git a/repo.schema.yaml b/repo.schema.yaml
index ab0d0d3..9c41d0c 100644
--- a/repo.schema.yaml
+++ b/repo.schema.yaml
@@ -194,6 +194,22 @@ properties:
type: boolean
default: false
+ github_workflows:
+ type: object
+ additionalProperties: false
+ description: EXPERIMENTAL configuration options for the optionally generated GitHub workflows (sdlc_workflows)
+ properties:
+ build:
+ type: object
+ additionalProperties: false
+ properties:
+ extra_docker_build_args:
+ type: object
+ additionalProperties: true
+ default: {}
+ description: >
+ Key-value pairs to use as build args during the docker build step of build and release workflow
+
reviewdog:
type: object
description: Reviewdog configuration. Used during repo-ansible/reviewdog container execution
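Review bot: `extra_docker_build_args` is declared with `additionalProperties: true`, so the schema accepts nested objects, lists and multi-line strings, while the template hunk in `30-release-and-build.yaml.j2` writes every pair verbatim as `[[key]]=[[value]]` inside the `build-args: |` block scalar. A value containing a line break would add extra build-arg lines or break the generated workflow YAML, and a non-string value would be rendered as its Jinja string form. I would restrict values to single-line strings, e.g. `additionalProperties: {type: string, pattern: '^[^\r\n]*$'}`. The description should also say that values are copied into the workflow file as-is, so credentials belong there only as `${{ secrets.NAME }}` references, never as literals in repo.yaml. Whether such a reference in repo.yaml survives the `combine` without the escaping used in group_vars is not visible here and is worth a test.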
diff --git a/tasks/other-dev-generated-files.yaml b/tasks/other-dev-generated-files.yaml
index 2d2287a..7156748 100644
--- a/tasks/other-dev-generated-files.yaml
+++ b/tasks/other-dev-generated-files.yaml
@@ -14,6 +14,10 @@
set_fact:
followup_workflows: "{{ extension_workflows.stdout | from_json }}"
+ - name: define docker build args
+ set_fact:
+ docker_build_args: "{{ default_docker_build_args | combine(repo.github_workflows.build.extra_docker_build_args) }}"
+
- name: copy github actions workflow files
ansible.builtin.template:
src: "./templates/.github/workflows/{{ item.target }}.j2"
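Review bot: `combine(repo.github_workflows.build.extra_docker_build_args)` in the new `set_fact` dereferences three levels that a repo.yaml without a `github_workflows` section will not contain. The schema hunk gives `default: {}` only to the leaf, not to `github_workflows` or `build`, so unless defaults are filled in somewhere outside this diff the task would fail for existing repositories. `combine(repo.github_workflows.build.extra_docker_build_args | default({}))` keeps the built-in defaults working when the section is absent. A short comment that user-supplied keys win over `default_docker_build_args`, so a repo can override `PACKAGIST_USER` and `PACKAGIST_TOKEN`, would make that precedence explicit. The surrounding task list starts and continues outside this hunk.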
diff --git a/templates/.github/workflows/30-release-and-build.yaml.j2 b/templates/.github/workflows/30-release-and-build.yaml.j2
index 1b03dd4..33c5d69 100644
--- a/templates/.github/workflows/30-release-and-build.yaml.j2
+++ b/templates/.github/workflows/30-release-and-build.yaml.j2
@@ -67,9 +67,11 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
cache-to: type=gha
cache-from: type=gha
+ # For additional docker build args set github_workflows.build.extra_docker_build_args in the repo.yaml file
build-args: |
- PACKAGIST_USER=token
- PACKAGIST_TOKEN=${{ secrets.PACKAGIST_TOKEN }}
+{% for key, value in docker_build_args.items() %}
+ [[key]]=[[value]]
+{% endfor %}
{% if workflow_group in followup_workflows %}
{% for followup_workflow in followup_workflows[workflow_group] %}