diff --git a/.gitignore b/.gitignore
index 9a877a6b..e9fedb69 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 built-*
 assets
 .idea
+.DS_Store
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 53aefbfa..cf1f2ae8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:alpine as builder
+FROM golang:1.11.4-alpine3.8 as builder
 COPY . /go/src/github.com/concourse/semver-resource
 ENV CGO_ENABLED 0
 RUN go build -o /assets/in github.com/concourse/semver-resource/in
@@ -9,7 +9,7 @@ RUN set -e; for pkg in $(go list ./...); do \
 go test -o "/tests/$(basename $pkg).test" -c $pkg; \
 done
-FROM alpine:edge AS resource
+FROM alpine:3.8 AS resource
 RUN apk add --no-cache bash tzdata ca-certificates git jq openssh
 RUN git config --global user.email "git@localhost"
 RUN git config --global user.name "git"
diff --git a/driver/driver.go b/driver/driver.go
index 2a49478e..f8d889f7 100644
--- a/driver/driver.go
+++ b/driver/driver.go
@@ -3,10 +3,10 @@ package driver
 import (
 "crypto/tls"
 "fmt"
+ "github.com/aws/aws-sdk-go/aws/credentials"
 "net/http"
 "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/credentials"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/s3"
 "github.com/blang/semver"
@@ -37,13 +37,6 @@ func FromSource(source models.Source) (Driver, error) {
 switch source.Driver {
 case models.DriverUnspecified, models.DriverS3:
- var creds *credentials.Credentials
-
- if source.AccessKeyID == "" && source.SecretAccessKey == "" {
- creds = credentials.AnonymousCredentials
- } else {
- creds = credentials.NewStaticCredentials(source.AccessKeyID, source.SecretAccessKey, "")
- }
 regionName := source.RegionName
 if len(regionName) == 0 {
@@ -61,7 +54,6 @@ func FromSource(source models.Source) (Driver, error) {
 awsConfig := &aws.Config{
 Region: aws.String(regionName),
- Credentials: creds,
 S3ForcePathStyle: aws.Bool(true),
 MaxRetries: aws.Int(maxRetries),
 DisableSSL: aws.Bool(source.DisableSSL),
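Review bot: The two new `FROM` lines in the Dockerfile (`golang:1.11.4-alpine3.8` in the `-1,4` hunk and `alpine:3.8` in the `-9,7` hunk) pin the base images by tag only, and a tag can be re-pointed upstream, so the image content is still not fixed. Adding the digest of the image that was actually tested, in the form `FROM alpine:3.8@sha256:<digest-placeholder> AS resource`, makes the build reproducible and makes any base change show up in review. Since a fixed base no longer picks up upstream security fixes by itself, a comment such as `# pinned base image; bump deliberately and rebuild` above each `FROM` would record that updates are now a manual step.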
@@ -72,15 +64,23 @@ func FromSource(source models.Source) (Driver, error) {
 awsConfig.Endpoint = aws.String(source.Endpoint)
 }
- svc := s3.New(session.New(awsConfig))
+ sess := session.Must(session.NewSession())
+ if source.AccessKeyID != "" && source.SecretAccessKey != "" {
+ // If nothing is provided use the default cred chain.
+ creds := credentials.NewStaticCredentials(source.AccessKeyID, source.SecretAccessKey, "")
+ awsConfig.Credentials = creds
+ } else {
+ println("Using default credential chain for authentication.")
+ }
+
+ svc := s3.New(sess, awsConfig)
 if source.UseV2Signing {
 setv2Handlers(svc)
 }
 return &S3Driver{
- InitialVersion: initialVersion,
-
+ InitialVersion: initialVersion,
 Svc: svc,
 BucketName: source.Bucket,
 Key: source.Key,
@@ -90,15 +90,14 @@ func FromSource(source models.Source) (Driver, error) {
 case models.DriverGit:
 return &GitDriver{
 InitialVersion: initialVersion,
-
- URI: source.URI,
- Branch: source.Branch,
- PrivateKey: source.PrivateKey,
- Username: source.Username,
- Password: source.Password,
- File: source.File,
- GitUser: source.GitUser,
- CommitMessage: source.CommitMessage,
+ URI: source.URI,
+ Branch: source.Branch,
+ PrivateKey: source.PrivateKey,
+ Username: source.Username,
+ Password: source.Password,
+ File: source.File,
+ GitUser: source.GitUser,
+ CommitMessage: source.CommitMessage,
 }, nil
 case models.DriverSwift:
diff --git a/driver/git.go b/driver/git.go
index 26c5c80b..d72d544c 100644
--- a/driver/git.go
+++ b/driver/git.go
@@ -18,7 +18,7 @@ var gitRepoDir string
 var privateKeyPath string
 var netRcPath string
-var ErrEncryptedKey = errors.New("private keys with passphrases are not supported")
+var ErrKey = errors.New("unable to process private key, is it password protected?")
 func init() {
 gitRepoDir = filepath.Join(os.TempDir(), "semver-git-repo")
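Review bot: In `FromSource` in driver/driver.go (the `-72,15` hunk), a source without keys now falls through to the SDK's default credential chain, so it picks up whatever identity is present on the worker (environment variables, shared credentials file, instance role) where the removed code made anonymous requests; on a shared worker this may give a pipeline access its author was never granted, so it deserves an explicit opt-in or at least documentation. The `else` branch is also taken when only one of `AccessKeyID` and `SecretAccessKey` is set, which turns a misconfiguration into a silent switch of identity. `session.Must` panics inside a function that returns `(Driver, error)`, and the comment `// If nothing is provided use the default cred chain.` sits in the branch that handles provided keys. The fence shows the credential selection with errors returned and a half-configured pair rejected; the rest of `FromSource` is outside the hunk.

```go
// … unchanged: awsConfig construction and endpoint override …
sess, err := session.NewSession()
if err != nil {
	return nil, fmt.Errorf("creating aws session: %s", err)
}

hasID, hasSecret := source.AccessKeyID != "", source.SecretAccessKey != ""
switch {
case hasID && hasSecret:
	awsConfig.Credentials = credentials.NewStaticCredentials(source.AccessKeyID, source.SecretAccessKey, "")
case hasID || hasSecret:
	// A half-configured pair is a mistake, not a request for ambient credentials.
	return nil, fmt.Errorf("access key id and secret access key must be set together")
default:
	// No keys in the source: the SDK default credential chain, and therefore
	// the worker's own identity, is used for every S3 call.
	println("Using default credential chain for authentication.")
}

svc := s3.New(sess, awsConfig)
// … unchanged: v2 signing handlers and S3Driver construction …
```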
@@ -214,16 +214,34 @@ func (driver *GitDriver) setUpKey() error {
 }
 if isPrivateKeyEncrypted(privateKeyPath) {
- return ErrEncryptedKey
+ return ErrKey
 }
 return os.Setenv("GIT_SSH_COMMAND", "ssh -o StrictHostKeyChecking=no -i "+privateKeyPath)
 }
 func isPrivateKeyEncrypted(path string) bool {
+ chmod := exec.Command("chmod", "400", path)
+ _, err := chmod.CombinedOutput()
+
+ if err != nil {
+ return false
+ }
+
+ cleanup := exec.Command("echo", "''", ">>", path )
+ _, err = cleanup.CombinedOutput()
+
+ if err != nil {
+ return false
+ }
+
 passphrase := ``
- cmd := exec.Command(`ssh-keygen`, `-y`, `-f`, path, `-P`, passphrase)
- err := cmd.Run()
+ cmd := exec.Command("ssh-keygen", "-y", "-f", path, "-P", passphrase)
+ err = cmd.Run()
+
+ if err != nil {
+ println("Error attempting to access private key. ", err.Error())
+ }
 return err != nil
 }
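Review bot: In `isPrivateKeyEncrypted`, `exec.Command("echo", "''", ">>", path )` never appends to the key file, because no shell is involved and `>>` and the path reach `echo` as plain arguments that it only prints. The two new early `return false` paths also fail open: `false` tells `setUpKey` the key is usable even though the permission change did not succeed. I would drop the `echo` call, use `os.Chmod(path, 0400)` instead of spawning `chmod`, and return `true` on failure so that `setUpKey` returns `ErrKey`; if the key needs a trailing newline, it belongs where the file is written, before it is made read-only. `setUpKey` starts outside the hunk.

```go
func isPrivateKeyEncrypted(path string) bool {
	// Fail closed: a key whose permissions cannot be restricted is reported
	// as unusable, so setUpKey returns ErrKey instead of continuing.
	if err := os.Chmod(path, 0400); err != nil {
		println("Error restricting private key permissions. ", err.Error())
		return true
	}

	// … unchanged: passphrase and ssh-keygen command construction …
	err := cmd.Run()
	// … unchanged: error logging and final return …
```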