diff --git a/.github/workflows/toolbox-cloud-cli.yml b/.github/workflows/toolbox-cloud-cli.yml
new file mode 100644
index 0000000..7783d69
--- /dev/null
+++ b/.github/workflows/toolbox-cloud-cli.yml
@@ -0,0 +1,77 @@
+name: "Build toolbox-cloud-cli image"
+
+env:
+ NAME: "toolbox-cloud-cli"
+ REGISTRY: "quay.io/travier"
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - 'toolbox-cloud-cli/**'
+ - '.github/workflows/toolbox-cloud-cli.yml'
+ push:
+ branches:
+ - main
+ paths:
+ - 'toolbox-cloud-cli/**'
+ - '.github/workflows/toolbox-cloud-cli.yml'
+ schedule:
+ - cron: '0 0 * * MON'
+
+permissions: read-all
+
+# Prevent multiple workflow runs from racing to ensure that pushes are made
+# sequentialy for the main branch. Also cancel in progress workflow runs for
+# pull requests only.
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+ build-push-image:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+
+ - name: Build container image
+ uses: redhat-actions/buildah-build@v2
+ with:
+ context: ${{ env.NAME }}
+ image: ${{ env.NAME }}
+ tags: latest
+ containerfiles: ${{ env.NAME }}/Containerfile
+ layers: false
+ oci: true
+
+ - name: Push to Container Registry
+ uses: redhat-actions/push-to-registry@v2
+ id: push
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+ with:
+ username: ${{ secrets.BOT_USERNAME }}
+ password: ${{ secrets.BOT_SECRET }}
+ image: ${{ env.NAME }}
+ registry: ${{ env.REGISTRY }}
+ tags: latest
+
+ - name: Login to Container Registry
+ uses: redhat-actions/podman-login@v1
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.BOT_USERNAME }}
+ password: ${{ secrets.BOT_SECRET }}
+
+ - uses: sigstore/cosign-installer@v3.4.0
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref == 'refs/heads/main'
+
+ - name: Sign container image
+ if: (github.event_name == 'push' || github.event_name == 'schedule') && github.ref
== 'refs/heads/main'
+ run: |
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.NAME }}@${{ steps.push.outputs.digest }}
+ env:
+ COSIGN_EXPERIMENTAL: false
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
diff --git a/toolbox-cloud-cli/Containerfile b/toolbox-cloud-cli/Containerfile
new file mode 100644
index 0000000..a79586e
--- /dev/null
+++ b/toolbox-cloud-cli/Containerfile
@@ -0,0 +1,18 @@
+FROM registry.fedoraproject.org/fedora-toolbox:39
+
+# - Install cloud cli tools
+# - Remove mlocate
+RUN dnf -y distrosync && \
+ dnf -y install \
+ awscli \
+ azurecli \
+ oci-cli \
+ vim \
+ zsh \
+ && \
+ dnf -y remove mlocate && \
+ dnf clean all
+
+# No need to clear the output as we will never use ZSH as a login shell and
+# this clears output when exiting toolboxes.
+RUN sed -i '/clear/d' /etc/zlogout
diff --git a/toolbox-cloud-cli/README.md b/toolbox-cloud-cli/README.md
new file mode 100644
index 0000000..8138929
--- /dev/null
+++ b/toolbox-cloud-cli/README.md
@@ -0,0 +1 @@
+# Various Cloud CLI tools
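Review bot: Every `uses:` in the new workflow file (`actions/checkout@v4`, `redhat-actions/buildah-build@v2`, `redhat-actions/push-to-registry@v2`, `redhat-actions/podman-login@v1`, `sigstore/cosign-installer@v3.4.0`) is pinned to a mutable tag, and on main the same job is handed `BOT_SECRET` and `COSIGN_PRIVATE_KEY`. If any of those tags were moved to different code, that code would run with the registry credentials and the signing key in reach, so pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. Separately, `permissions: read-all` grants read on every token scope, while the steps shown appear to need only `contents: read` for the checkout.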
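Review bot: The `FROM` line of the new Containerfile references `fedora-toolbox:39` by tag only. Together with `dnf -y distrosync` and the unversioned package names, this makes the image content depend on whatever the registry and repositories serve at build time. The cosign signature added in the workflow then attests the pushed digest but says nothing about which base it was built from. If the weekly scheduled rebuild is meant to pick up updates, the base can still be pinned as `FROM registry.fedoraproject.org/fedora-toolbox:39@sha256:<base-image-digest>` and bumped by an update bot, so each base change shows up as a reviewable commit. A short comment above the `RUN` saying why `distrosync` is run and why `mlocate` is removed would also help the next maintainer.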