diff --git a/tutorcredentials/patches/k8s-deployments b/tutorcredentials/patches/k8s-deployments
index e8891c8..77279e1 100644
--- a/tutorcredentials/patches/k8s-deployments
+++ b/tutorcredentials/patches/k8s-deployments
@@ -15,8 +15,8 @@ spec:
         app.kubernetes.io/name: credentials
     spec:
       securityContext:
-        runAsUser: 1000
-        runAsGroup: 1000
+        runAsUser: {{ APP_USER_ID }}
+        runAsGroup: {{ APP_USER_ID }}
       containers:
         - name: credentials
           image: {{ CREDENTIALS_DOCKER_IMAGE }}
diff --git a/tutorcredentials/templates/credentials/build/credentials/Dockerfile b/tutorcredentials/templates/credentials/build/credentials/Dockerfile
index 5cbde20..1eb8859 100644
--- a/tutorcredentials/templates/credentials/build/credentials/Dockerfile
+++ b/tutorcredentials/templates/credentials/build/credentials/Dockerfile
@@ -111,7 +111,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     && apt install -y libxml2 libmysqlclient-dev media-types mailcap
 
 # From then on, run as unprivileged "app" user
-ARG APP_USER_ID=1000
+ARG APP_USER_ID={{ HOST_USER_ID }}
 RUN if [ "$APP_USER_ID" = 0 ]; then echo "app user may not be root" && false; fi
 RUN useradd --home-dir /openedx --create-home --shell /bin/bash --uid ${APP_USER_ID} app
 USER ${APP_USER_ID}