diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..6b9b3d4
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+# Local build artifacts
+builds
+web-vault
+
+# Documentation
+*.md
+*.txt
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..8b85e0c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,48 @@
+# Compile the web vault using docker
+# Usage:
+#    docker build -t web_vault_build .
+#    image_id=$(docker create web_vault_build)
+#    docker cp $image_id:/bw_web_vault.tar.gz .
+#    docker rm $image_id
+#
+#    Note: you can use --build-arg to specify the version to build:
+#    docker build -t web_vault_build --build-arg VAULT_VERSION=master .
+
+FROM node:13.8.0-stretch as build
+
+# Prepare the folder to enable non-root, otherwise npm will refuse to run the postinstall
+RUN mkdir /vault
+RUN chown node:node /vault
+USER node
+
+# Can be a tag, release, but prefer a commit hash because it's not changeable
+# https://github.com/bitwarden/web/commit/$VAULT_VERSION
+ARG VAULT_VERSION=7e95e44f1d8e4a85c68afa0418163eac215be559
+
+RUN git clone https://github.com/bitwarden/web.git /vault
+WORKDIR /vault
+
+RUN git checkout "$VAULT_VERSION"
+
+COPY --chown=node:node patches /patches
+COPY --chown=node:node apply_patches.sh /apply_patches.sh
+
+RUN bash /apply_patches.sh
+
+# Build
+RUN npm install
+RUN npm audit fix
+RUN npm run dist
+
+# Delete debugging map files, optional
+# RUN find build -name "*.map" -delete
+
+# Prepare the final archives
+RUN mv build web-vault
+RUN tar -czvf "bw_web_vault.tar.gz" web-vault --owner=0 --group=0
+
+# We copy the final result as a separate image so there's no need to download all the intermediate steps
+FROM scratch
+COPY --from=build /vault/bw_web_vault.tar.gz /bw_web_vault.tar.gz
+# Added so docker create works
+CMD ["bash"]
diff --git a/apply_patches.sh b/apply_patches.sh
new file mode 100644
index 0000000..3507c4a
--- /dev/null
+++ b/apply_patches.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -o pipefail -o errexit
+
+# If a patch was not provided, try to choose one
+if [[ -z $PATCH_NAME ]]; then
+    # If a patch with the same name as the ref exists, use it
+    if [ -f "../patches/$VAULT_VERSION.patch" ]; then
+        echo "Patch file found, using that"
+        PATCH_NAME="$VAULT_VERSION.patch"
+    else
+        echo "Patch file not found, using latest"
+        # If not, use the latest one
+        PATCH_NAME="$(find ../patches -printf "%f\\n" | sort -V | tail -n1)"
+    fi
+fi
+
+echo "Using patch: $PATCH_NAME"
+git apply "../patches/$PATCH_NAME"
+echo "Patching successful!"
diff --git a/package_all.sh b/package_all.sh
deleted file mode 100755
index 4b4582a..0000000
--- a/package_all.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-export UPLOAD_VAULT="n"
-
-export WEB_REF="v2.5.0"
-bash package_web_vault.sh
-
-export WEB_REF="v2.6.0"
-bash package_web_vault.sh
-
-export WEB_REF="v2.6.1"
-bash package_web_vault.sh
-
-export WEB_REF="v2.7.0"
-bash package_web_vault.sh
-
-export WEB_REF="v2.7.1"
-bash package_web_vault.sh
-
-export WEB_REF="v2.8.0"
-bash package_web_vault.sh
diff --git a/package_web_vault.sh b/package_web_vault.sh
index c98df79..ece27a4 100755
--- a/package_web_vault.sh
+++ b/package_web_vault.sh
@@ -9,37 +9,14 @@ handle_error() {
 trap 'handle_error $LINENO $?' ERR
 
 # Ask for ref if not provided
-if [[ -z "$WEB_REF" ]]; then
+if [[ -z "$VAULT_VERSION" ]]; then
   read -rp "Input a git ref (commit hash, branch name, tag name, 'master'): " input
-  WEB_REF="$input"
+  VAULT_VERSION="$input"
 fi
 
-# Ask if the result will be uploaded to github releases
-if [[ -z $UPLOAD_VAULT ]]; then
-  read -rp "Upload the result to GitHub Releases? (y/n): " input
-  UPLOAD_VAULT="$input"
-fi
-
-# If a patch was not provided, try to choose one
-if [[ -z $PATCH_NAME ]]; then
-    # If a patch with the same name as the ref exists, use it
-    if [ -f "patches/$WEB_REF.patch" ]; then
-        echo "Patch file found, using that"
-        PATCH_NAME="$WEB_REF.patch"
-    else
-        echo "Patch file not found, using latest"
-        # If not, use the latest one
-        PATCH_NAME="$(find patches -printf "%f\\n" | sort -V | tail -n1)"
-    fi
-fi
-
-echo "Building git ref: $WEB_REF"
-echo "Using patch: $PATCH_NAME"
-
 VAULT_FOLDER=web-vault
 OUTPUT_FOLDER=builds
-OUTPUT_NAME="$OUTPUT_FOLDER/bw_web_$WEB_REF.tar.gz"
-OUTPUT_MSG="$OUTPUT_NAME.text"
+OUTPUT_NAME="$OUTPUT_FOLDER/bw_web_$VAULT_VERSION.tar.gz"
 
 mkdir -p "$OUTPUT_FOLDER"
 
@@ -58,15 +35,14 @@ git fetch --tags
 git pull origin master
 
 # Checkput the branch we want
-git checkout "$WEB_REF"
+git checkout "$VAULT_VERSION"
 git submodule update --recursive --init
 
 ## How to create patches
 # git --no-pager diff --no-color --minimal > changes.patch
 ## How to apply patches
 # git apply changes.patch
-
-git apply "../patches/$PATCH_NAME"
+. ../apply_patches.sh
 
 # Build
 npm install
@@ -78,12 +54,3 @@ npm run dist
 # Prepare the final archives
 mv build web-vault
 tar -czvf "../$OUTPUT_NAME" web-vault --owner=0 --group=0
-
-cd ..
-
-if [[ $UPLOAD_VAULT =~ ^[Yy]$ ]]
-then
-    sed "s/<VERSION>/$WEB_REF/g" release_template.md > "$OUTPUT_MSG"
-    # Install from here: https://hub.github.com/
-    hub release create -o -a "$OUTPUT_NAME" -F "$OUTPUT_MSG $WEB_REF"
-fi