diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml
index 9797dea..539de76 100644
--- a/.circleci/test-deploy.yml
+++ b/.circleci/test-deploy.yml
@@ -11,6 +11,9 @@ promotion_requires: &promotion_requires
     test-credentials-store-docker,
     test-credentials-store-machine,
     test-credentials-store-macos,
+    test-credentials-store-docker-custom-tag,
+    test-credentials-store-machine-custom-tag,
+    test-credentials-store-macos-custom-tag,
     publish-machine,
     publish-docker-cache,
     publish-docker-cache-not-found,
@@ -130,10 +133,14 @@ jobs:
         type: env_var_name
       docker-password:
         type: env_var_name
+      release-tag:
+        type: string
+        default: ""
     executor: <<parameters.executor>>
     steps:
       - docker/install-docker-credential-helper:
           helper-name: <<parameters.helper-name>>
+          release-tag: <<parameters.release-tag>>
       - docker/configure-docker-credentials-store:
           helper-name: <<parameters.helper-name>>
       - run:
@@ -337,6 +344,33 @@ workflows:
           pre-steps:
             - docker/install-docker
           filters: *filters
+      - test-credentials-store:
+          name: test-credentials-store-docker-custom-tag
+          executor: docker-latest
+          context: CPE-orb-docker-testing
+          helper-name: pass
+          docker-username: DOCKER_USER
+          docker-password: DOCKER_PASS
+          release-tag: "v0.6.4"
+          filters: *filters
+      - test-credentials-store:
+          name: test-credentials-store-machine-custom-tag
+          executor: machine-latest
+          context: CPE-orb-docker-testing
+          docker-username: DOCKER_USER
+          docker-password: DOCKER_PASS
+          release-tag: "v0.6.4"
+          filters: *filters
+      - test-credentials-store:
+          name: test-credentials-store-macos-custom-tag
+          executor: macos-latest
+          context: CPE-orb-docker-testing
+          docker-username: DOCKER_USER
+          docker-password: DOCKER_PASS
+          release-tag: "v0.6.4"
+          pre-steps:
+            - docker/install-docker
+          filters: *filters
       # end test-credentials-store
 
       # begin docker/publish
@@ -518,4 +552,4 @@ executors:
       image: ubuntu-2004:202010-01
   machine-latest:
     machine:
-      image: ubuntu-2004:current
+      image: ubuntu-2004:current
\ No newline at end of file
diff --git a/src/scripts/build.sh b/src/scripts/build.sh
index c83fd32..08e0108 100644
--- a/src/scripts/build.sh
+++ b/src/scripts/build.sh
@@ -71,6 +71,7 @@ old_ifs="$IFS"
 IFS=' '
 
 set -x
+# shellcheck disable=SC2048 # We want word splitting here.
 docker build ${build_args[*]}
 set +x
 
diff --git a/src/scripts/hadolint.sh b/src/scripts/hadolint.sh
index 44378ee..be375c6 100644
--- a/src/scripts/hadolint.sh
+++ b/src/scripts/hadolint.sh
@@ -1,9 +1,11 @@
 if [ -n "$PARAM_IGNORE_RULES" ]; then
-  readonly ignore_rules=$(printf '%s' "--ignore ${PARAM_IGNORE_RULES//,/ --ignore }")
+  ignore_rules=$(printf '%s' "--ignore ${PARAM_IGNORE_RULES//,/ --ignore }")
+  readonly ignore_rules
 fi
 
 if [ -n "$PARAM_TRUSTED_REGISTRIES" ]; then
-  readonly trusted_registries=$(printf '%s' "--trusted-registry ${PARAM_TRUSTED_REGISTRIES//,/ --trusted-registry }")
+  trusted_registries=$(printf '%s' "--trusted-registry ${PARAM_TRUSTED_REGISTRIES//,/ --trusted-registry }")
+  readonly trusted_registries
 fi
 
 printf '%s\n' "Running hadolint with the following options..."
diff --git a/src/scripts/install-docker-credential-helper.sh b/src/scripts/install-docker-credential-helper.sh
index af1600e..d9d000d 100644
--- a/src/scripts/install-docker-credential-helper.sh
+++ b/src/scripts/install-docker-credential-helper.sh
@@ -2,11 +2,14 @@
 
 HELPER_NAME="$PARAM_HELPER_NAME"
 
+if uname | grep -q "Darwin"; then platform="darwin"
+else platform="linux"
+fi
+
+# Infer helper name from the platform
 if [ -z "${HELPER_NAME}" ]; then
-  if uname | grep -q "Darwin"; then
-    HELPER_NAME="osxkeychain"
-  else
-    HELPER_NAME="pass"
+  if [ "$platform" = "darwin" ]; then HELPER_NAME="osxkeychain"
+  else HELPER_NAME="pass"
   fi
 fi
 
@@ -55,17 +58,28 @@ echo "Downloading credential helper $HELPER_FILENAME"
 BIN_PATH="/usr/local/bin"
 mkdir -p "$BIN_PATH"
 RELEASE_TAG="$PARAM_RELEASE_TAG"
-RELEASE_VERSION=$(curl -Ls --fail --retry 3 -o /dev/null -w '%{url_effective}' "https://github.com/docker/docker-credential-helpers/releases/latest" | sed 's:.*/::')
+base_url="https://github.com/docker/docker-credential-helpers/releases"
+RELEASE_VERSION=$(curl -Ls --fail --retry 3 -o /dev/null -w '%{url_effective}' "$base_url/latest" | sed 's:.*/::')
 if [ -n "${RELEASE_TAG}" ]; then
   RELEASE_VERSION="${RELEASE_TAG}"
 fi
-DOWNLOAD_URL="https://github.com/docker/docker-credential-helpers/releases/download/${RELEASE_VERSION}/${HELPER_FILENAME}-${RELEASE_VERSION}-amd64.tar.gz"
 
-echo "Downloading from url: $DOWNLOAD_URL"
-curl -L -o "${HELPER_FILENAME}_archive" "$DOWNLOAD_URL"
-tar xvf "./${HELPER_FILENAME}_archive"
-chmod +x "./$HELPER_FILENAME"
+# Starting from v0.7.0, the release file name is changed to docker-credential-<helper-name>-<os>-<arch>
+minor_version="$(echo "$RELEASE_VERSION" | cut -d. -f2)"
+download_base_url="$base_url/download/${RELEASE_VERSION}/${HELPER_FILENAME}-${RELEASE_VERSION}"
 
+if [ "$minor_version" -gt 6 ]; then
+  DOWNLOAD_URL="$download_base_url.$platform-amd64"
+  echo "Downloading from url: $DOWNLOAD_URL"
+  curl -L -o "${HELPER_FILENAME}" "$DOWNLOAD_URL"
+else
+  DOWNLOAD_URL="$download_base_url-amd64.tar.gz"
+  echo "Downloading from url: $DOWNLOAD_URL"
+  curl -L -o "${HELPER_FILENAME}_archive" "$DOWNLOAD_URL"
+  tar xvf "./${HELPER_FILENAME}_archive"
+  rm "./${HELPER_FILENAME}_archive"
+fi
+
+chmod +x "./$HELPER_FILENAME"
 $SUDO mv "./$HELPER_FILENAME" "$BIN_PATH/$HELPER_FILENAME"
-"$BIN_PATH/$HELPER_FILENAME" version
-rm "./${HELPER_FILENAME}_archive"
\ No newline at end of file
+"$BIN_PATH/$HELPER_FILENAME" version
\ No newline at end of file