diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
index cdf83eeb338631e7fa48c2cad5c9e0a5600636ec..ad1e425023a34fb59cdf3c3c670cceed26e5766e 100644
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@@ -1,16 +1,10 @@
-{{ "# This file was generated using a Jinja2 template." }}
-{{ "# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's." }}
+# This file was generated using a Jinja2 template.
+# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
 
-# Using multistage build:
-# 	https://docs.docker.com/develop/develop-images/multistage-build/
-# 	https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE  #######################
 {% set build_stage_base_image = "rust:1.40" %}
-{% set vault_stage_base_image = build_stage_base_image %}
 {% if "alpine" in target_file %}
 {%   set build_stage_base_image = "clux/muslrust:nightly-2019-12-19" %}
 {%   set runtime_stage_base_image = "alpine:3.11" %}
-{%   set vault_stage_base_image = runtime_stage_base_image %}
 {%   set package_arch_name = "" %}
 {% elif "amd64" in target_file %}
 {%   set runtime_stage_base_image = "debian:buster-slim" %}
@@ -29,29 +23,23 @@
 {% if package_arch_name == "" %}
 {%   set package_arch_prefix = "" %}
 {% endif %}
-FROM {{ vault_stage_base_image }} as vault
-
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-{% if "alpine" in vault_stage_base_image %}
-RUN apk add --no-cache --upgrade curl tar
-{% else %}
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-{% endif %}
-
-WORKDIR /
-
-{% if "alpine" in vault_stage_base_image %}
-SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-{% else %}
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-{% endif %}
-
-RUN curl -L $URL | tar xz
-RUN ls
+# Using multistage build:
+# 	https://docs.docker.com/develop/develop-images/multistage-build/
+# 	https://whitfin.io/speeding-up-rust-docker-builds/
+####################### VAULT BUILD IMAGE  #######################
+{% set vault_image_hash = "sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c" %}
+{% raw %}
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+{% endraw %}
+FROM bitwardenrs/web-vault@{{ vault_image_hash }} as vault
 
 ########################## BUILD IMAGE  ##########################
 {% if "musl" in build_stage_base_image %}
diff --git a/docker/aarch64/mysql/Dockerfile b/docker/aarch64/mysql/Dockerfile
index 14a0cbffaadefdf2fa410f6f7426442166fffec4..9e2812e830de6fc07df248d37802882db27b7eeb 100644
--- a/docker/aarch64/mysql/Dockerfile
+++ b/docker/aarch64/mysql/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/aarch64/sqlite/Dockerfile b/docker/aarch64/sqlite/Dockerfile
index 0c2e7dbf4d3cb1081267200cf5005360bb611c43..f130faca0e36f442a22cd0ceebb47d43ab81611b 100644
--- a/docker/aarch64/sqlite/Dockerfile
+++ b/docker/aarch64/sqlite/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/amd64/mysql/Dockerfile b/docker/amd64/mysql/Dockerfile
index 6e12db2b0b649ce07b2ab921d3eee7054641cb3b..7f47c4757ab5694abc5e0c0b148baf16ebee7b5c 100644
--- a/docker/amd64/mysql/Dockerfile
+++ b/docker/amd64/mysql/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/amd64/mysql/Dockerfile.alpine b/docker/amd64/mysql/Dockerfile.alpine
index 9bc6a51e8e27d5b3e04348f9bc014bbd06739f89..c3fff716989f303fbcaf38eaebf5921819e82266 100644
--- a/docker/amd64/mysql/Dockerfile.alpine
+++ b/docker/amd64/mysql/Dockerfile.alpine
@@ -5,20 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade curl tar
-
-WORKDIR /
-
-SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary
diff --git a/docker/amd64/postgresql/Dockerfile b/docker/amd64/postgresql/Dockerfile
index 8428de9e832039d6f4a8d7ccf25e71c1f536f960..8cfa39050b77a0c208b9de201454200cb26e07ef 100644
--- a/docker/amd64/postgresql/Dockerfile
+++ b/docker/amd64/postgresql/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/amd64/postgresql/Dockerfile.alpine b/docker/amd64/postgresql/Dockerfile.alpine
index 12f2e529a18bf585d839d525642a7bf1b2ab6d15..c9574c5efe1df45a6cad69aa310e33d172ac2dba 100644
--- a/docker/amd64/postgresql/Dockerfile.alpine
+++ b/docker/amd64/postgresql/Dockerfile.alpine
@@ -5,20 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade curl tar
-
-WORKDIR /
-
-SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary
diff --git a/docker/amd64/sqlite/Dockerfile b/docker/amd64/sqlite/Dockerfile
index e120c18e28c0ccedeca57e8532ca358d7893f1a6..af2e792cc57a40bdadb7f3cfbcaa4685723a39ef 100644
--- a/docker/amd64/sqlite/Dockerfile
+++ b/docker/amd64/sqlite/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/amd64/sqlite/Dockerfile.alpine b/docker/amd64/sqlite/Dockerfile.alpine
index 8cd9251ef6b7e4af4c81e92a564ed40ef9146487..881b2e58f1bf3ea453bb0d662576eca7bd7fef9c 100644
--- a/docker/amd64/sqlite/Dockerfile.alpine
+++ b/docker/amd64/sqlite/Dockerfile.alpine
@@ -5,20 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM alpine:3.11 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-RUN apk add --no-cache --upgrade curl tar
-
-WORKDIR /
-
-SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # Musl build image for statically compiled binary
diff --git a/docker/armv6/mysql/Dockerfile b/docker/armv6/mysql/Dockerfile
index d55e12b9052cd0c06ef8fcb650c213dbe037eb42..5f815760e6e60c7532b52539613e53d29e09a384 100644
--- a/docker/armv6/mysql/Dockerfile
+++ b/docker/armv6/mysql/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/armv6/sqlite/Dockerfile b/docker/armv6/sqlite/Dockerfile
index ee6b59026cb199d12ec121e298a56800e013e112..37560904e964c1acaec84b044a327cd2a7b5e404 100644
--- a/docker/armv6/sqlite/Dockerfile
+++ b/docker/armv6/sqlite/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/armv7/mysql/Dockerfile b/docker/armv7/mysql/Dockerfile
index c486595f0bb223a14b180d2fbf3621c750f3adab..c1183cce3e54e239d236d4eecc8cf349b567d80a 100644
--- a/docker/armv7/mysql/Dockerfile
+++ b/docker/armv7/mysql/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because
diff --git a/docker/armv7/sqlite/Dockerfile b/docker/armv7/sqlite/Dockerfile
index 7cce852d4b75215be5addd0860f0a658cabbbfeb..cfd1dc7d7faad170b89890af551cc2eb92c70100 100644
--- a/docker/armv7/sqlite/Dockerfile
+++ b/docker/armv7/sqlite/Dockerfile
@@ -5,21 +5,17 @@
 # 	https://docs.docker.com/develop/develop-images/multistage-build/
 # 	https://whitfin.io/speeding-up-rust-docker-builds/
 ####################### VAULT BUILD IMAGE  #######################
-FROM rust:1.40 as vault
 
-ENV VAULT_VERSION "v2.12.0d"
-
-ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
-
-WORKDIR /
-
-SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
-
-RUN curl -L $URL | tar xz
-RUN ls
+#  This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
+#  It can be viewed in multiple ways:
+#  - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
+#  - From the console, with the following commands:
+#      docker pull bitwardenrs/web-vault:v2.12.0e
+#      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
+#      
+#  - To do the opposite, and get the tag from the hash, you can do:
+#      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
+FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
 
 ########################## BUILD IMAGE  ##########################
 # We need to use the Rust build image, because