diff --git a/internal/provider/build.go b/internal/provider/build.go
index 2adcd86..986bb2f 100644
--- a/internal/provider/build.go
+++ b/internal/provider/build.go
@@ -82,13 +82,7 @@ type imagesbom struct {
 	predicateSHA256 string
 }
 
-func doBuild(ctx context.Context, data BuildResourceModel) (v1.Hash, coci.SignedEntity, map[string]imagesbom, error) {
-	tempDir, err := os.MkdirTemp("", "apko-*")
-	if err != nil {
-		return v1.Hash{}, nil, nil, fmt.Errorf("failed to create temporary directory: %w", err)
-	}
-	defer os.RemoveAll(tempDir)
-
+func doBuild(ctx context.Context, data BuildResourceModel, tempDir string) (v1.Hash, coci.SignedEntity, map[string]imagesbom, error) {
 	var ic types.ImageConfiguration
 	if diags := assignValue(data.Config, &ic); diags.HasError() {
 		return v1.Hash{}, nil, nil, fmt.Errorf("assigning value: %v", diags.Errors())
@@ -118,6 +112,7 @@ func doBuild(ctx context.Context, data BuildResourceModel) (v1.Hash, coci.Signed
 		build.WithCache("", false, data.popts.cache),
 		build.WithSBOMFormats([]string{"spdx"}),
 		build.WithSBOM(tempDir),
+		build.WithTempDir(tempDir),
 		build.WithExtraKeys(data.popts.keyring),
 		build.WithExtraBuildRepos(data.popts.buildRespositories),
 		build.WithExtraRuntimeRepos(data.popts.repositories))
diff --git a/internal/provider/resource_build.go b/internal/provider/resource_build.go
index d9f61e5..72312a8 100644
--- a/internal/provider/resource_build.go
+++ b/internal/provider/resource_build.go
@@ -3,6 +3,7 @@ package provider
 import (
 	"context"
 	"fmt"
+	"os"
 
 	"github.com/chainguard-dev/terraform-provider-oci/pkg/validators"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -154,7 +155,14 @@ func (r *BuildResource) Create(ctx context.Context, req resource.CreateRequest,
 		return
 	}
 
-	digest, se, sboms, err := doBuild(ctx, *data)
+	tempDir, err := os.MkdirTemp("", "apko-*")
+	if err != nil {
+		resp.Diagnostics.AddError("Client Error", fmt.Errorf("failed to create temporary directory: %w", err).Error())
+		return
+	}
+	defer os.RemoveAll(tempDir)
+
+	digest, se, sboms, err := doBuild(ctx, *data, tempDir)
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", err.Error())
 		return
@@ -234,7 +242,14 @@ func (r *BuildResource) Update(ctx context.Context, req resource.UpdateRequest,
 		return
 	}
 
-	digest, _, _, err := doBuild(ctx, *data)
+	tempDir, err := os.MkdirTemp("", "apko-*")
+	if err != nil {
+		resp.Diagnostics.AddError("Client Error", fmt.Errorf("failed to create temporary directory: %w", err).Error())
+		return
+	}
+	defer os.RemoveAll(tempDir)
+
+	digest, _, _, err := doBuild(ctx, *data, tempDir)
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", err.Error())
 		return