diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index fce5a4d..c39641d 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,13 +6,12 @@
     "args": {
       "DOCKER_GID": "${env:DOCKER_GID:}",
       "IMAGE_NAME": "node_24_python_3_14",
-      "IMAGE_VERSION": "v1.2.0",
+      "IMAGE_VERSION": "v1.3.0",
       "USER_UID": "${localEnv:USER_ID:}",
       "USER_GID": "${localEnv:GROUP_ID:}"
     },
     "updateRemoteUserUID": false
   },
-  "postAttachCommand": "git-secrets --register-aws; git-secrets --add-provider -- cat /usr/share/secrets-scanner/nhsd-rules-deny.txt",
   "mounts": [
     "source=${env:HOME}${env:USERPROFILE}/.aws,target=/home/vscode/.aws,type=bind",
     "source=${env:HOME}${env:USERPROFILE}/.ssh,target=/home/vscode/.ssh,type=bind",
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 88b3856..d61fd96 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,4 +29,3 @@ jobs:
             pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
             branch_name: main
             tag_format: ${{ needs.get_config_values.outputs.tag_format }}
-        secrets: inherit
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index b08711a..c5b2fc5 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -38,4 +38,3 @@ jobs:
             pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
             branch_name: ${{ github.event.pull_request.head.ref }}
             tag_format: ${{ needs.get_config_values.outputs.tag_format }}
-        secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 335d4b9..511d39c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,4 +30,3 @@ jobs:
             pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
             branch_name: main
             tag_format: ${{ needs.get_config_values.outputs.tag_format }}
-        secrets: inherit
diff --git a/action.yml b/action.yml
index 4e36782..00e0114 100644
--- a/action.yml
+++ b/action.yml
@@ -23,6 +23,7 @@ runs:
       with:
         ref: ${{ inputs.calling_repo_base_branch }}
         fetch-depth: 0
+        persist-credentials: false
 
     - name: Checkout central repo code
       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
@@ -31,6 +32,7 @@ runs:
         fetch-depth: 0
         path: eps-copilot-instructions
         repository: NHSDigital/eps-copilot-instructions
+        persist-credentials: false
         sparse-checkout: |
           .github/instructions/general
           .github/instructions/languages