diff --git a/assets/knative/service.yaml.tmpl b/assets/knative/service.yaml.tmpl
index 8c3abab..aa398a7 100644
--- a/assets/knative/service.yaml.tmpl
+++ b/assets/knative/service.yaml.tmpl
@@ -6,6 +6,10 @@ metadata:
 spec:
   template:
     spec:
+      {{ if ne .ImagePullSecrets "" }}
+      imagePullSecrets:
+        - name: {{ .ImagePullSecrets }}
+      {{ end }}
       containers:
         - image: {{ .RemoteTag }}
           imagePullPolicy: Always
diff --git a/src/cli/cli.go b/src/cli/cli.go
index dedeac5..829975d 100644
--- a/src/cli/cli.go
+++ b/src/cli/cli.go
@@ -67,6 +67,7 @@ func (c *icli) init(cCtx *cli.Context) error {
 	projectDirectory := cCtx.String(projectDirectoryFlag)
 	absProjectDirectory, err := filepath.Abs(cCtx.String(projectDirectoryFlag))
 	registry := cCtx.String(repoNameFlag)
+	imagePullSecrets := cCtx.String(imagePullSecretsFlag)
 	dockerFileName := cCtx.String(dockerFileNameFlag)
 
 	if dockerFileName == "" {
@@ -83,6 +84,7 @@ func (c *icli) init(cCtx *cli.Context) error {
 		projectDirectory,
 		cCtx.String(runtimeVersionFlag),
 		version,
+		imagePullSecrets,
 		c.Resources,
 	)
 
diff --git a/src/cli/flags.go b/src/cli/flags.go
index b399cc6..96792bd 100644
--- a/src/cli/flags.go
+++ b/src/cli/flags.go
@@ -42,6 +42,7 @@ const (
 	dockerFileNameFlag    string = "dockerfile-name"
 	configFileFlag        string = "config-file"
 	namespaceFlag         string = "namespace"
+	imagePullSecretsFlag  string = "image-pull-secrets"
 	stopOnBuildFlag       string = "stop-on-build"
 	stopOnPushFlag        string = "stop-on-push"
 	envVarFileFlag        string = "env-var-file"
@@ -101,6 +102,12 @@ func InitFlags() flags {
 					Required: true,
 					Category: "deploy",
 				},
+				&cli.StringFlag{
+					Name:     imagePullSecretsFlag,
+					EnvVars:  []string{"INITIUM_IMAGE_PULL_SECRET"},
+					Required: false,
+					Category: "deploy",
+				},
 				&cli.StringFlag{
 					Name:     envVarFileFlag,
 					Value:    defaults.EnvVarFile,
diff --git a/src/cli/init_test.go b/src/cli/init_test.go
index 333c2a5..2f1c7c8 100644
--- a/src/cli/init_test.go
+++ b/src/cli/init_test.go
@@ -20,6 +20,7 @@ container-registry: %s
 default-branch: main
 dockerfile-name: null
 env-var-file: .env.initium
+image-pull-secrets: null
 registry-user: null
 runtime-version: null
 `,
diff --git a/src/services/k8s/knative.go b/src/services/k8s/knative.go
index 2056850..488c485 100644
--- a/src/services/k8s/knative.go
+++ b/src/services/k8s/knative.go
@@ -53,9 +53,15 @@ func loadManifest(namespace string, commitSha string, project *project.Project,
 		return nil, fmt.Errorf("error reading the knative service yaml: %v", err)
 	}
 
+	templateParams := map[string]interface{}{
+		"Name": dockerImage.Name,
+		"RemoteTag": dockerImage.RemoteTag(),
+		"ImagePullSecrets": project.ImagePullSecrets,
+	}
+
 	output := &bytes.Buffer{}
 	// TODO replace map[string]string{} with proper values
-	if err = template.Execute(output, dockerImage); err != nil {
+	if err = template.Execute(output, templateParams); err != nil {
 		return nil, err
 	}
 
diff --git a/src/services/k8s/knative_test.go b/src/services/k8s/knative_test.go
index 6f95106..3bca8d6 100644
--- a/src/services/k8s/knative_test.go
+++ b/src/services/k8s/knative_test.go
@@ -3,11 +3,12 @@ package k8s
 import (
 	"encoding/base64"
 	"fmt"
-	"gotest.tools/v3/assert"
 	"os"
 	"path"
 	"testing"
 
+	"gotest.tools/v3/assert"
+
 	"github.com/nearform/initium-cli/src/services/docker"
 	"github.com/nearform/initium-cli/src/services/project"
 )
@@ -57,10 +58,12 @@ func TestConfig(t *testing.T) {
 func TestLoadManifest(t *testing.T) {
 	namespace := "custom"
 	commitSha := "93f4be93"
+	imagePullSecret := "secretPassword123"
 
 	proj := &project.Project{Name: "knative_test",
-		Directory: path.Join(root, "example"),
-		Resources: os.DirFS(root),
+		Directory:        path.Join(root, "example"),
+		Resources:        os.DirFS(root),
+		ImagePullSecrets: imagePullSecret,
 	}
 
 	dockerImage := docker.DockerImage{
@@ -77,7 +80,8 @@ func TestLoadManifest(t *testing.T) {
 	}
 
 	annotations := serviceManifest.Spec.Template.ObjectMeta.Annotations
+	pullSecret := serviceManifest.Spec.Template.Spec.ImagePullSecrets[0].Name
 	assert.Assert(t, annotations[UpdateTimestampAnnotationName] != "", "Missing %s annotation", UpdateTimestampAnnotationName)
 	assert.Assert(t, annotations[UpdateShaAnnotationName] == commitSha, "Expected %s SHA, got %s", commitSha, annotations[UpdateShaAnnotationName])
+	assert.Assert(t, pullSecret == imagePullSecret, "Expected secret value to be %s, got %s", imagePullSecret, pullSecret)
 }
-
diff --git a/src/services/project/project.go b/src/services/project/project.go
index 5dd3d02..001208f 100644
--- a/src/services/project/project.go
+++ b/src/services/project/project.go
@@ -25,6 +25,7 @@ type Project struct {
 	Directory             string
 	RuntimeVersion        string
 	DefaultRuntimeVersion string
+	ImagePullSecrets      string
 	Resources             fs.FS
 }
 
@@ -43,13 +44,14 @@ func GuessAppName() *string {
 	return &name
 }
 
-func New(name string, directory string, runtimeVersion string, version string, resources fs.FS) Project {
+func New(name string, directory string, runtimeVersion string, version string, imagePullSecrets string, resources fs.FS) Project {
 	return Project{
-		Name:           name,
-		Directory:      directory,
-		RuntimeVersion: runtimeVersion,
-		Resources:      resources,
-		Version:        version,
+		Name:             name,
+		Directory:        directory,
+		RuntimeVersion:   runtimeVersion,
+		ImagePullSecrets: imagePullSecrets,
+		Resources:        resources,
+		Version:          version,
 	}
 }