diff --git a/Dockerfile b/Dockerfile
index f272ff4..c4e4e9e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,8 @@
-FROM golang:1.16
+FROM alpine:3 as ca
+RUN apk add --no-cache ca-certificates
+
+
+FROM golang:1.16 as go
 
 WORKDIR /gcp-get-secret
 ADD . /gcp-get-secret
@@ -6,4 +10,7 @@ RUN go mod download
 RUN CGO_ENABLED=0 GOOS=linux go build -o gcp-get-secret -ldflags '-extldflags "-static"' .
 
 FROM scratch
-COPY --from=0 /gcp-get-secret/gcp-get-secret /
+COPY --from=ca /etc/ssl/certs/ /etc/ssl/certs/
+COPY --from=go /gcp-get-secret/gcp-get-secret /
+
+ENTRYPOINT [ "/gcp-get-secret" ]
diff --git a/main.go b/main.go
index 98a15bb..3f05e02 100644
--- a/main.go
+++ b/main.go
@@ -347,10 +347,6 @@ func (m *Main) replaceDestinationReferencesWithURL(refs []GoogleSecretRef, env m
 
 // execute the `command` with the environment set to actual values from the parameter store
 func (m *Main) execProcess() {
-	program, err := exec.LookPath(m.command[0])
-	if err != nil {
-		log.Fatalf("could not find program %s on path, %s", m.command[0], err)
-	}
 
 	refs, err := m.environmentToGoogleSecretReferences(os.Environ())
 	if err != nil {
@@ -368,6 +364,18 @@ func (m *Main) execProcess() {
 
 	newEnv = m.replaceDestinationReferencesWithURL(refs, newEnv)
 
+	if len(m.command) == 1 && m.command[0] == "noop" {
+		if m.verbose {
+			log.Printf("INFO: noop")
+		}
+		return
+	}
+
+	program, err := exec.LookPath(m.command[0])
+	if err != nil {
+		log.Fatalf("could not find program %s on path, %s", m.command[0], err)
+	}
+
 	err = syscall.Exec(program, m.command, m.updateEnvironment(os.Environ(), newEnv))
 	if err != nil {
 		log.Fatal(err)