diff --git a/internal/kuberesource/sets.go b/internal/kuberesource/sets.go
index 9b8ebaa1b9..f638158e57 100644
--- a/internal/kuberesource/sets.go
+++ b/internal/kuberesource/sets.go
@@ -522,7 +522,7 @@ func VolumeStatefulSet() []any {
 						WithInitContainers(
 							Container().
 								WithName("volume-tester-init").
-								WithImage("ghcr.io/edgelesssys/contrast/initializer:latest").
+								WithImage("ghcr.io/edgelesssys/contrast/cryptsetup:latest").
 								WithCommand("/bin/sh", "-c", CryptsetupInitCommand()).
 								WithVolumeDevices(
 									applycorev1.VolumeDevice().
@@ -563,7 +563,7 @@ func VolumeStatefulSet() []any {
 						WithContainers(
 							Container().
 								WithName("volume-tester").
-								WithImage("ghcr.io/edgelesssys/contrast/initializer:latest").
+								WithImage("ghcr.io/edgelesssys/contrast/cryptsetup:latest").
 								WithCommand("/bin/sh", "-c", "sleep inf").
 								WithVolumeMounts(
 									VolumeMount().
@@ -617,7 +617,7 @@ func MySQL() []any {
 						WithInitContainers(
 							Container().
 								WithName("luks-setup").
-								WithImage("ghcr.io/edgelesssys/contrast/initializer:latest").
+								WithImage("ghcr.io/edgelesssys/contrast/cryptsetup:latest").
 								WithCommand("/bin/sh", "-c", CryptsetupInitCommand()).
 								WithVolumeDevices(
 									applycorev1.VolumeDevice().
diff --git a/packages/containers.nix b/packages/containers.nix
index df233e2134..533448c943 100644
--- a/packages/containers.nix
+++ b/packages/containers.nix
@@ -57,16 +57,7 @@ let
     initializer = dockerTools.buildImage {
       name = "initializer";
       tag = "v${pkgs.contrast.version}";
-      copyToRoot =
-        (with pkgs; [
-          busybox
-          cryptsetup
-          e2fsprogs # mkfs.ext4
-          mount
-          util-linux # blkid
-          openssl
-        ])
-        ++ (with dockerTools; [ caCertificates ]);
+      copyToRoot = with dockerTools; [ caCertificates ];
       config = {
         Cmd = [ "${pkgs.contrast.initializer}/bin/initializer" ];
         Env = [ "PATH=/bin" ]; # This is only here for policy generation.
@@ -87,6 +78,23 @@ let
       };
     };
 
+    cryptsetup = dockerTools.buildImage {
+      name = "cryptsetup";
+      tag = "v${pkgs.contrast.version}";
+      copyToRoot = with pkgs; [
+        busybox
+        cryptsetup
+        e2fsprogs # mkfs.ext4
+        mount
+        util-linux # blkid
+        openssl
+      ];
+      config = {
+        Cmd = [ "bash" ];
+        Env = [ "PATH=/bin" ]; # This is only here for policy generation.
+      };
+    };
+
     port-forwarder = dockerTools.buildImage {
       name = "port-forwarder";
       tag = "v${pkgs.contrast.version}";