diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 0867985..9903bce 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -9,10 +9,13 @@ on:
     tags:
       - 'v*.*.*'
 
+env:
+  USE_DOCKER: true
+
 jobs:
   style:
     name: Check Style
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v1
@@ -35,7 +38,7 @@ jobs:
   test:
     name: Test
     needs: [style]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v1
@@ -59,7 +62,7 @@ jobs:
     name: deploy
     needs: [test]
     if: startsWith(github.ref, 'refs/tags/')
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     strategy: 
       matrix:
         target: [ aarch64-unknown-linux-gnu, armv7-unknown-linux-gnueabihf, i686-unknown-linux-gnu, i686-unknown-linux-musl, powerpc64-unknown-linux-gnu, powerpc64le-unknown-linux-gnu, arm-unknown-linux-gnueabi, x86_64-unknown-linux-gnu, x86_64-unknown-linux-musl ]
diff --git a/Cargo.lock b/Cargo.lock
index 4f8eb0e..466e87a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -145,9 +145,9 @@ dependencies = [
 
 [[package]]
 name = "core-foundation"
-version = "0.9.3"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146"
+checksum = "57d24c7a13c43e870e37c1556b74555437870a04514f7685f5b354e090567171"
 dependencies = [
  "core-foundation-sys",
  "libc",
@@ -155,9 +155,9 @@ dependencies = [
 
 [[package]]
 name = "core-foundation-sys"
-version = "0.8.3"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
+checksum = "b3a71ab494c0b5b860bdc8407ae08978052417070c2ced38573a9157ad75b8ac"
 
 [[package]]
 name = "digest"
@@ -198,21 +198,6 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 
-[[package]]
-name = "foreign-types"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
-dependencies = [
- "foreign-types-shared",
-]
-
-[[package]]
-name = "foreign-types-shared"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
-
 [[package]]
 name = "form_urlencoded"
 version = "1.1.0"
@@ -275,6 +260,17 @@ version = "0.3.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "04909a7a7e4633ae6c4a9ab280aeb86da1236243a77b694a49eacd659a4bd3ac"
 
+[[package]]
+name = "futures-macro"
+version = "0.3.25"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bdfb8ce053d86b91919aad980c220b1fb8401a9394410e1c289ed7e66b61835d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "futures-sink"
 version = "0.3.25"
@@ -294,9 +290,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "197676987abd2f9cadff84926f410af1c183608d36641465df73ae8211dc65d6"
 dependencies = [
  "futures-core",
+ "futures-macro",
  "futures-task",
  "pin-project-lite 0.2.9",
  "pin-utils",
+ "slab",
 ]
 
 [[package]]
@@ -401,16 +399,19 @@ dependencies = [
 ]
 
 [[package]]
-name = "hyper-tls"
-version = "0.4.3"
+name = "hyper-rustls"
+version = "0.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d979acc56dcb5b8dddba3917601745e877576475aa046df3226eabdecef78eed"
+checksum = "37743cc83e8ee85eacfce90f2f4102030d9ff0a95244098d781e9bee4a90abb6"
 dependencies = [
  "bytes 0.5.6",
+ "futures-util",
  "hyper",
- "native-tls",
+ "log",
+ "rustls",
  "tokio",
- "tokio-tls",
+ "tokio-rustls",
+ "webpki",
 ]
 
 [[package]]
@@ -562,24 +563,6 @@ dependencies = [
  "ws2_32-sys",
 ]
 
-[[package]]
-name = "native-tls"
-version = "0.2.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
-dependencies = [
- "lazy_static",
- "libc",
- "log",
- "openssl",
- "openssl-probe",
- "openssl-sys",
- "schannel",
- "security-framework",
- "security-framework-sys",
- "tempfile",
-]
-
 [[package]]
 name = "net2"
 version = "0.2.38"
@@ -613,51 +596,12 @@ version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c"
 
-[[package]]
-name = "openssl"
-version = "0.10.42"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12fc0523e3bd51a692c8850d075d74dc062ccf251c0110668cbd921917118a13"
-dependencies = [
- "bitflags",
- "cfg-if 1.0.0",
- "foreign-types",
- "libc",
- "once_cell",
- "openssl-macros",
- "openssl-sys",
-]
-
-[[package]]
-name = "openssl-macros"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
 [[package]]
 name = "openssl-probe"
 version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
-[[package]]
-name = "openssl-sys"
-version = "0.9.77"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b03b84c3b2d099b81f0953422b4d4ad58761589d0229b5506356afca05a3670a"
-dependencies = [
- "autocfg",
- "cc",
- "libc",
- "pkg-config",
- "vcpkg",
-]
-
 [[package]]
 name = "percent-encoding"
 version = "2.2.0"
@@ -702,12 +646,6 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
 
-[[package]]
-name = "pkg-config"
-version = "0.3.26"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160"
-
 [[package]]
 name = "proc-macro-hack"
 version = "0.5.19"
@@ -764,20 +702,21 @@ dependencies = [
  "http",
  "http-body",
  "hyper",
- "hyper-tls",
+ "hyper-rustls",
  "ipnet",
  "js-sys",
  "lazy_static",
  "log",
  "mime",
  "mime_guess",
- "native-tls",
  "percent-encoding",
  "pin-project-lite 0.2.9",
+ "rustls",
+ "rustls-native-certs",
  "serde",
  "serde_urlencoded",
  "tokio",
- "tokio-tls",
+ "tokio-rustls",
  "url",
  "wasm-bindgen",
  "wasm-bindgen-futures",
@@ -785,6 +724,46 @@ dependencies = [
  "winreg",
 ]
 
+[[package]]
+name = "ring"
+version = "0.16.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+dependencies = [
+ "cc",
+ "libc",
+ "once_cell",
+ "spin",
+ "untrusted",
+ "web-sys",
+ "winapi 0.3.9",
+]
+
+[[package]]
+name = "rustls"
+version = "0.18.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d1126dcf58e93cee7d098dbda643b5f92ed724f1f6a63007c1116eed6700c81"
+dependencies = [
+ "base64 0.12.3",
+ "log",
+ "ring",
+ "sct",
+ "webpki",
+]
+
+[[package]]
+name = "rustls-native-certs"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "629d439a7672da82dd955498445e496ee2096fe2117b9f796558a43fdb9e59b8"
+dependencies = [
+ "openssl-probe",
+ "rustls",
+ "schannel",
+ "security-framework",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.11"
@@ -801,11 +780,21 @@ dependencies = [
  "windows-sys",
 ]
 
+[[package]]
+name = "sct"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b362b83898e0e69f38515b82ee15aa80636befe47c3b6d3d89a911e78fc228ce"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "security-framework"
-version = "2.7.0"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2bc1bb97804af6631813c55739f771071e0f2ed33ee20b68c86ec505d906356c"
+checksum = "ad502866817f0575705bd7be36e2b2535cc33262d493aa733a2ec862baa2bc2b"
 dependencies = [
  "bitflags",
  "core-foundation",
@@ -816,9 +805,9 @@ dependencies = [
 
 [[package]]
 name = "security-framework-sys"
-version = "2.6.1"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0160a13a177a45bfb43ce71c01580998474f556ad854dcbca936dd2841a5c556"
+checksum = "51ceb04988b17b6d1dcd555390fa822ca5637b4a14e1f5099f13d351bed4d6c7"
 dependencies = [
  "core-foundation-sys",
  "libc",
@@ -885,6 +874,12 @@ dependencies = [
  "winapi 0.3.9",
 ]
 
+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
 [[package]]
 name = "sshkeys"
 version = "0.3.2"
@@ -982,13 +977,15 @@ dependencies = [
 ]
 
 [[package]]
-name = "tokio-tls"
-version = "0.3.1"
+name = "tokio-rustls"
+version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a70f4fcd7b3b24fb194f837560168208f669ca8cb70d0c4b862944452396343"
+checksum = "e12831b255bcfa39dc0436b01e19fea231a37db570686c06ee72c423479f889a"
 dependencies = [
- "native-tls",
+ "futures-core",
+ "rustls",
  "tokio",
+ "webpki",
 ]
 
 [[package]]
@@ -1090,6 +1087,12 @@ version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
 
+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
 [[package]]
 name = "url"
 version = "2.3.1"
@@ -1110,12 +1113,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
 [[package]]
 name = "vec_map"
 version = "0.8.2"
@@ -1216,6 +1213,16 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webpki"
+version = "0.21.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "winapi"
 version = "0.2.8"
diff --git a/Cargo.toml b/Cargo.toml
index 3a789af..4fde5dd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,5 +10,5 @@ fstrings = "0.2.2"
 sshkeys = "0.3.2"
 users = "0.9.1"
 tempfile = "3.1.0"
-reqwest = "0.10.4"
+reqwest = {version = "0.10.4", default-features = false, features=["rustls-tls-native-roots"]}
 tokio = {version = "0.2.13", features=["rt-threaded", "macros"]}
diff --git a/Dockerfile b/Dockerfile
index 11b7ab6..74e8c16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,12 @@
-FROM ubuntu:22.04
+FROM debian
 
 # Install `sudo` so `staticfloat` can mount things
-RUN apt update -y && apt install -y sudo curl openssh-client
+RUN apt update -y && apt install -y sudo openssh-client ca-certificates
 
 # Create default `staticfloat` user, give him sudo powers
-RUN useradd staticfloat
+ARG UID=1000
+ARG GID=1000
+RUN useradd -u ${UID} staticfloat
 RUN echo "staticfloat ALL = NOPASSWD: ALL" >> /etc/sudoers
 
 # Copy in our build artifacts
diff --git a/Makefile b/Makefile
index e585322..bb82924 100644
--- a/Makefile
+++ b/Makefile
@@ -1,18 +1,62 @@
 all: build
 
 AKG := target/release/authrorized-keys-github
-build: $(AKG)
+
+# When building the testing image, make the UID and GID match ours
+UID := $(shell id -u)
+GID := $(shell id -g)
+
+# We like to be fancy
+COLS := $(shell tput cols 2>/dev/null)
+ifeq ($(COLS),)
+COLS := 80
+endif
+
+# If we're supposed to use `docker`, do so with the image in `$(1)`.
+# Otherwise, just run natively.  When running in `docker`, we use `--privileged`
+# to give the docker container the ability to `mount`.
+ifeq ($(USE_DOCKER),true)
+define docker_exec
+docker run --privileged \
+           --user=$(shell id -u):$(shell id -g) \
+           -e TERM=xterm \
+		   -e CARGO_HOME=/usr/local/cargo_home \
+		   -e CARGO_TERM_PROGRESS_WIDTH=$(COLS) \
+		   -e CARGO_TERM_PROGRESS_WHEN=always \
+		   -v $(shell pwd)/target/.docker_cargo_home:/usr/local/cargo_home \
+           -v $(shell pwd):/app \
+		   -w /app \
+		   -i \
+		   $(1) \
+		   $(2)
+endef
+
+# To speed up interactive development with cargo, cache the cargo home in a subdir of `target`
+target/.docker_cargo_home:
+	mkdir -p $@
+$(AKG): target/.docker_cargo_home
+else
+define docker_exec
+$(2)
+endef
+endif
 
 $(AKG): Cargo.toml Cargo.lock src/main.rs
-	cargo build --release
+	$(call docker_exec,rust,cargo build --color=always --release)
+build: $(AKG)
 
-check: $(AKG)
-	cargo fmt --all -- --check
+check:
+	$(call docker_exec,rust,cargo fmt --color=always --all -- --check)
 
 format:
-	cargo fmt --all
+	$(call docker_exec,rust,cargo fmt --color=always --all)
 
 .PHONY: test build
 test: $(AKG)
-	docker build -t authorized-keys-github-test .
-	docker run -e TERM=xterm --privileged -i authorized-keys-github-test
+ifeq ($(USE_DOCKER),true)
+	docker build --build-arg UID=$(UID) --build-arg GID=$(GID) -t authorized-keys-github-test .
+endif
+	$(call docker_exec,authorized-keys-github-test,bash runtests.sh)
+
+clean:
+	rm -rf target
diff --git a/runtests.sh b/runtests.sh
index a7123fc..a7dd8fe 100755
--- a/runtests.sh
+++ b/runtests.sh
@@ -4,7 +4,9 @@ set -euo pipefail
 # If we're running the tests locally, we should build `authorized-keys-github` and add it to our `PATH`
 # On CI, we'll be running in a docker container that will already contain this file.
 if ! command -v authorized-keys-github >/dev/null; then
-    cargo build --release
+    if [[ ! -f target/release/authorized-keys-github ]]; then
+        cargo build --release
+    fi
     export PATH=$PATH:$(pwd)/target/release
 fi
 
@@ -60,7 +62,7 @@ test_output() {
 }
 
 # Basic test: Just see if it runs
-header "Basic test, should print all github keys for current user:"
+header "Basic test, should print all github keys for current user $(id -u -n):"
 OUTPUT="$(authorized-keys-github --keys-dir="${KEYS_DIR}" $(id -u) 2>&1 | tee >(cat 1>&2))"
 test_output "${OUTPUT}" "REFRESH_EXPECTED" "KEYS_EXPECTED"