diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9e4492cb..4a057142 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -63,6 +63,18 @@ jobs:
     - name: Cargo test -p dcap-artifact-retrieval --features rustls-tls
       run: cargo test --verbose --locked -p dcap-artifact-retrieval --features rustls-tls
 
+    - name: Test dcap-artifact-retrieval PCCS provider with rustls-tls
+      if: secrets.PCCS_URL && secrets.PCCS_URL != ''
+      env:
+        PCCS_URL: ${{ secrets.PCCS_URL }}
+      run: cargo test --verbose --locked -p dcap-artifact-retrieval --features rustls-tls "pccs::" -- --ignored
+
+    - name: Test dcap-artifact-retrieval PCCS provider without rustls-tls
+      if: secrets.PCCS_URL && secrets.PCCS_URL != ''
+      env:
+        PCCS_URL: ${{ secrets.PCCS_URL }}
+      run: cargo test --verbose --locked -p dcap-artifact-retrieval "pccs::" -- --ignored
+
     - name: Cargo test -p dcap-ql --features link
       run: cargo test --verbose --locked -p dcap-ql --features link
 
diff --git a/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/pccs.rs b/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/pccs.rs
index 8611b73d..d8f4f84b 100644
--- a/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/pccs.rs
+++ b/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/pccs.rs
@@ -403,6 +403,7 @@ impl<'inp> ProvisioningServiceApi<'inp> for QeIdApi {
 mod tests {
     use std::hash::{DefaultHasher, Hash, Hasher};
     use std::path::PathBuf;
+    use std::sync::OnceLock;
     use std::time::Duration;
 
     use pcs::PckID;
@@ -416,10 +417,18 @@ mod tests {
     const PCKID_TEST_FILE: &str = "./tests/data/pckid_retrieval.csv";
     const OUTPUT_TEST_DIR: &str = "./tests/data/";
     const TIME_RETRY_TIMEOUT: Duration = Duration::from_secs(180);
-    const PCCS_URL: &'static str = "https://localhost:8081";
+
+    static PCCS_URL: OnceLock<String> = OnceLock::new();
+
+    fn pccs_url_from_env() -> String {
+        let api_key = std::env::var("PCCS_URL").expect("PCCS_URL must be set");
+        assert!(!api_key.is_empty(), "Empty string in PCCS_URL");
+        api_key
+    }
 
     fn make_client(api_version: PcsVersion) -> Client<ReqwestClient> {
-        PccsProvisioningClientBuilder::new(api_version, PCCS_URL)
+        let url = &*PCCS_URL.get_or_init(pccs_url_from_env);
+        PccsProvisioningClientBuilder::new(api_version, url)
             .set_retry_timeout(TIME_RETRY_TIMEOUT)
             .build(reqwest_client_insecure_tls())
     }