diff --git a/mgradm/cmd/install/podman/utils.go b/mgradm/cmd/install/podman/utils.go
index eb266d972..c35e4c78f 100644
--- a/mgradm/cmd/install/podman/utils.go
+++ b/mgradm/cmd/install/podman/utils.go
@@ -87,12 +87,8 @@ func installForPodman(
 	if err != nil {
 		return utils.Errorf(err, L("failed to compute image URL"))
 	}
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
 
-	preparedImage, err := shared_podman.PrepareImage(image, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := shared_podman.PrepareImage(inspectedHostValues, image, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}
diff --git a/mgradm/cmd/migrate/podman/utils.go b/mgradm/cmd/migrate/podman/utils.go
index 650c3b706..7095f411b 100644
--- a/mgradm/cmd/migrate/podman/utils.go
+++ b/mgradm/cmd/migrate/podman/utils.go
@@ -32,18 +32,12 @@ func migrateToPodman(globalFlags *types.GlobalFlags, flags *podmanMigrateFlags,
 		return utils.Errorf(err, L("cannot compute image"))
 	}
 
-	// FIXME all this code should be centralized. Now it being called in several different places.
 	inspectedHostValues, err := utils.InspectHost(false)
 	if err != nil {
 		return utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := podman_utils.PrepareImage(serverImage, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := podman_utils.PrepareImage(inspectedHostValues, serverImage, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}
diff --git a/mgradm/shared/podman/podman.go b/mgradm/shared/podman/podman.go
index 5c29f022d..cac81de1b 100644
--- a/mgradm/shared/podman/podman.go
+++ b/mgradm/shared/podman/podman.go
@@ -247,12 +247,7 @@ func RunPgsqlVersionUpgrade(image types.ImageFlags, upgradeImage types.ImageFlag
 			return utils.Errorf(err, L("cannot inspect host values"))
 		}
 
-		pullArgs := []string{}
-		if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-			pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-		}
-
-		preparedImage, err := podman.PrepareImage(upgradeImageUrl, image.PullPolicy, pullArgs...)
+		preparedImage, err := podman.PrepareImage(inspectedHostValues, upgradeImageUrl, image.PullPolicy)
 		if err != nil {
 			return err
 		}
@@ -340,12 +335,7 @@ func Upgrade(image types.ImageFlags, upgradeImage types.ImageFlags, cocoImage ty
 		return utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := podman.PrepareImage(serverImage, image.PullPolicy, pullArgs...)
+	preparedImage, err := podman.PrepareImage(inspectedHostValues, serverImage, image.PullPolicy)
 	if err != nil {
 		return err
 	}
diff --git a/mgrpxy/cmd/install/podman/utils.go b/mgrpxy/cmd/install/podman/utils.go
index 667dbe363..21b197960 100644
--- a/mgrpxy/cmd/install/podman/utils.go
+++ b/mgrpxy/cmd/install/podman/utils.go
@@ -37,23 +37,28 @@ func installForPodman(globalFlags *types.GlobalFlags, flags *podman.PodmanProxyF
 		return shared_utils.Errorf(err, L("failed to extract proxy config from %s file"), configPath)
 	}
 
-	httpdImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "httpd")
+	inspectedHostValues, err := shared_utils.InspectHost(true)
+	if err != nil {
+		return shared_utils.Errorf(err, L("cannot inspect host values"))
+	}
+
+	httpdImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "httpd")
 	if err != nil {
 		return err
 	}
-	saltBrokerImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "salt-broker")
+	saltBrokerImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "salt-broker")
 	if err != nil {
 		return err
 	}
-	squidImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "squid")
+	squidImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "squid")
 	if err != nil {
 		return err
 	}
-	sshImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "ssh")
+	sshImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "ssh")
 	if err != nil {
 		return err
 	}
-	tftpdImage, err := podman.GetContainerImage(&flags.ProxyImageFlags, "tftpd")
+	tftpdImage, err := podman.GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "tftpd")
 	if err != nil {
 		return err
 	}
diff --git a/mgrpxy/shared/podman/podman.go b/mgrpxy/shared/podman/podman.go
index f7dc969eb..b000605d5 100644
--- a/mgrpxy/shared/podman/podman.go
+++ b/mgrpxy/shared/podman/podman.go
@@ -151,19 +151,14 @@ func getHttpProxyConfig() string {
 }
 
 // GetContainerImage returns a proxy image URL.
-func GetContainerImage(flags *utils.ProxyImageFlags, name string) (string, error) {
+func GetContainerImage(
+	inspectedHostValues *shared_utils.HostInspectData,
+	flags *utils.ProxyImageFlags,
+	name string,
+) (string, error) {
 	image := flags.GetContainerImage(name)
-	inspectedHostValues, err := shared_utils.InspectHost(true)
-	if err != nil {
-		return "", shared_utils.Errorf(err, L("cannot inspect host values"))
-	}
-
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
 
-	preparedImage, err := podman.PrepareImage(image, flags.PullPolicy, pullArgs...)
+	preparedImage, err := podman.PrepareImage(inspectedHostValues, image, flags.PullPolicy)
 	if err != nil {
 		return "", err
 	}
@@ -220,23 +215,29 @@ func Upgrade(globalFlags *types.GlobalFlags, flags *PodmanProxyFlags, cmd *cobra
 	if err := podman.StopService(podman.ProxyService); err != nil {
 		return err
 	}
-	httpdImage, err := GetContainerImage(&flags.ProxyImageFlags, "httpd")
+
+	inspectedHostValues, err := shared_utils.InspectHost(true)
+	if err != nil {
+		return shared_utils.Errorf(err, L("cannot inspect host values"))
+	}
+
+	httpdImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "httpd")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find httpd image: it will no be upgraded"))
 	}
-	saltBrokerImage, err := GetContainerImage(&flags.ProxyImageFlags, "salt-broker")
+	saltBrokerImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "salt-broker")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find salt-broker image: it will no be upgraded"))
 	}
-	squidImage, err := GetContainerImage(&flags.ProxyImageFlags, "squid")
+	squidImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "squid")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find squid image: it will no be upgraded"))
 	}
-	sshImage, err := GetContainerImage(&flags.ProxyImageFlags, "ssh")
+	sshImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "ssh")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find ssh image: it will no be upgraded"))
 	}
-	tftpdImage, err := GetContainerImage(&flags.ProxyImageFlags, "tftpd")
+	tftpdImage, err := GetContainerImage(inspectedHostValues, &flags.ProxyImageFlags, "tftpd")
 	if err != nil {
 		log.Warn().Msgf(L("cannot find tftpd image: it will no be upgraded"))
 	}
diff --git a/shared/podman/images.go b/shared/podman/images.go
index 8508f5d15..22339062d 100644
--- a/shared/podman/images.go
+++ b/shared/podman/images.go
@@ -27,7 +27,12 @@ const rpmImageDir = "/usr/share/suse-docker-images/native/"
 // Ensure the container image is pulled or pull it if the pull policy allows it.
 //
 // Returns the image name to use. Note that it may be changed if the image has been loaded from a local RPM package.
-func PrepareImage(image string, pullPolicy string, args ...string) (string, error) {
+func PrepareImage(
+	inspectedHostValues *utils.HostInspectData,
+	image string,
+	pullPolicy string,
+	args ...string,
+) (string, error) {
 	if strings.ToLower(pullPolicy) != "always" {
 		log.Info().Msgf(L("Ensure image %s is available"), image)
 
@@ -62,7 +67,7 @@ func PrepareImage(image string, pullPolicy string, args ...string) (string, erro
 
 	if strings.ToLower(pullPolicy) != "never" {
 		log.Debug().Msgf("Pulling image %s because it is missing and pull policy is not 'never'", image)
-		return image, pullImage(image, args...)
+		return image, pullImage(inspectedHostValues, image, args...)
 	}
 
 	return image, fmt.Errorf(L("image %s is missing and cannot be fetched"), image)
@@ -203,21 +208,30 @@ func GetPulledImageName(image string) (string, error) {
 	return string(bytes.TrimSpace(out)), nil
 }
 
-func pullImage(image string, args ...string) error {
+func pullImage(inspectedHostValues *utils.HostInspectData, image string, args ...string) error {
 	if utils.ContainsUpperCase(image) {
 		return fmt.Errorf(L("%s should contains just lower case character, otherwise podman pull would fails"), image)
 	}
+
+	// Do we need to authenticate?
+
 	log.Info().Msgf(L("Running podman pull %s"), image)
 	podmanImageArgs := []string{"pull", image}
 	podmanArgs := append(podmanImageArgs, args...)
 
+	stdin := ""
+	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
+		podmanArgs = append(podmanArgs, "--creds", inspectedHostValues.SccUsername)
+		stdin = inspectedHostValues.SccPassword
+	}
+
 	loglevel := zerolog.DebugLevel
 	if len(args) > 0 {
 		loglevel = zerolog.Disabled
 		log.Debug().Msg("Additional arguments for pull command will not be shown.")
 	}
 
-	return utils.RunCmdStdMapping(loglevel, "", "podman", podmanArgs...)
+	return utils.RunCmdStdMapping(loglevel, stdin, "podman", podmanArgs...)
 }
 
 // ShowAvailableTag  returns the list of available tag for a given image.
diff --git a/shared/podman/utils.go b/shared/podman/utils.go
index 31b2c7c9c..4646c3491 100644
--- a/shared/podman/utils.go
+++ b/shared/podman/utils.go
@@ -185,12 +185,7 @@ func Inspect(serverImage string, pullPolicy string, proxyHost bool) (*utils.Serv
 		return nil, utils.Errorf(err, L("cannot inspect host values"))
 	}
 
-	pullArgs := []string{}
-	if inspectedHostValues.SccUsername != "" && inspectedHostValues.SccPassword != "" {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues.SccUsername+":"+inspectedHostValues.SccPassword)
-	}
-
-	preparedImage, err := PrepareImage(serverImage, pullPolicy, pullArgs...)
+	preparedImage, err := PrepareImage(inspectedHostValues, serverImage, pullPolicy)
 	if err != nil {
 		return nil, err
 	}