diff --git a/lib/modules/manager/poetry/artifacts.spec.ts b/lib/modules/manager/poetry/artifacts.spec.ts
index da2f69ad46433c1f2a61bc24ac7a3515306b72e6..46b511a3b0a0132e8865e66f01d7f09776c7e469 100644
--- a/lib/modules/manager/poetry/artifacts.spec.ts
+++ b/lib/modules/manager/poetry/artifacts.spec.ts
@@ -80,6 +80,7 @@ describe('modules/manager/poetry/artifacts', () => {
   describe('updateArtifacts', () => {
     beforeEach(() => {
       env.getChildProcessEnv.mockReturnValue(envMock.basic);
+      hostRules.getAll.mockReturnValue([]);
       GlobalConfig.set(adminConfig);
       docker.resetPrefetchedImages();
     });
@@ -197,7 +198,7 @@ describe('modules/manager/poetry/artifacts', () => {
           },
         },
       ]);
-      expect(hostRules.find.mock.calls).toHaveLength(4);
+      expect(hostRules.find.mock.calls).toHaveLength(5);
       expect(execSnapshots).toMatchObject([
         { cmd: 'poetry update --lock --no-interaction dep1' },
       ]);
@@ -338,6 +339,95 @@ describe('modules/manager/poetry/artifacts', () => {
       ]);
     });
 
+    it('supports docker mode with github credentials', async () => {
+      GlobalConfig.set({
+        ...adminConfig,
+        binarySource: 'docker',
+        dockerSidecarImage: 'ghcr.io/containerbase/sidecar',
+      });
+      hostRules.find.mockReturnValueOnce({
+        token: 'some-token',
+      });
+      hostRules.getAll.mockReturnValueOnce([
+        {
+          token: 'some-token',
+          hostType: 'github',
+          matchHost: 'api.github.com',
+        },
+        { token: 'some-other-token', matchHost: 'https://gitea.com' },
+      ]);
+      const execSnapshots = mockExecAll();
+      fs.ensureCacheDir.mockResolvedValueOnce('/tmp/renovate/cache/others/pip');
+      // poetry.lock
+      fs.getSiblingFileName.mockReturnValueOnce('poetry.lock');
+      fs.readLocalFile.mockResolvedValueOnce('[metadata]\n');
+      fs.readLocalFile.mockResolvedValueOnce('New poetry.lock');
+      // python
+      datasource.getPkgReleases.mockResolvedValueOnce({
+        releases: [{ version: '2.7.5' }, { version: '3.4.2' }],
+      });
+      // poetry
+      datasource.getPkgReleases.mockResolvedValueOnce({
+        releases: [{ version: '1.2.0' }],
+      });
+      const updatedDeps = [{ depName: 'dep1' }];
+      expect(
+        await updateArtifacts({
+          packageFileName: 'pyproject.toml',
+          updatedDeps,
+          newPackageFileContent: pyproject1toml,
+          config: {
+            ...config,
+            constraints: {
+              python: '~2.7 || ^3.4',
+            },
+          },
+        })
+      ).toEqual([
+        {
+          file: {
+            type: 'addition',
+            path: 'poetry.lock',
+            contents: 'New poetry.lock',
+          },
+        },
+      ]);
+      expect(execSnapshots).toMatchObject([
+        { cmd: 'docker pull ghcr.io/containerbase/sidecar' },
+        { cmd: 'docker ps --filter name=renovate_sidecar -aq' },
+        {
+          cmd:
+            'docker run --rm --name=renovate_sidecar --label=renovate_child ' +
+            '-v "/tmp/github/some/repo":"/tmp/github/some/repo" ' +
+            '-v "/tmp/cache":"/tmp/cache" ' +
+            '-e GIT_CONFIG_KEY_0 ' +
+            '-e GIT_CONFIG_VALUE_0 ' +
+            '-e GIT_CONFIG_KEY_1 ' +
+            '-e GIT_CONFIG_VALUE_1 ' +
+            '-e GIT_CONFIG_KEY_2 ' +
+            '-e GIT_CONFIG_VALUE_2 ' +
+            '-e GIT_CONFIG_COUNT ' +
+            '-e GIT_CONFIG_KEY_3 ' +
+            '-e GIT_CONFIG_VALUE_3 ' +
+            '-e GIT_CONFIG_KEY_4 ' +
+            '-e GIT_CONFIG_VALUE_4 ' +
+            '-e GIT_CONFIG_KEY_5 ' +
+            '-e GIT_CONFIG_VALUE_5 ' +
+            '-e PIP_CACHE_DIR ' +
+            '-e CONTAINERBASE_CACHE_DIR ' +
+            '-w "/tmp/github/some/repo" ' +
+            'ghcr.io/containerbase/sidecar ' +
+            'bash -l -c "' +
+            'install-tool python 3.4.2 ' +
+            '&& ' +
+            'install-tool poetry 1.2.0 ' +
+            '&& ' +
+            'poetry update --lock --no-interaction dep1' +
+            '"',
+        },
+      ]);
+    });
+
     it('returns updated poetry.lock using docker (constraints)', async () => {
       GlobalConfig.set({
         ...adminConfig,
diff --git a/lib/modules/manager/poetry/artifacts.ts b/lib/modules/manager/poetry/artifacts.ts
index 74a177073f09e6fa164f05ceb237d007decb6ff9..364121b8ffd086fb1ad5ee81df0cf33b3acdf20a 100644
--- a/lib/modules/manager/poetry/artifacts.ts
+++ b/lib/modules/manager/poetry/artifacts.ts
@@ -13,6 +13,7 @@ import {
   readLocalFile,
   writeLocalFile,
 } from '../../../util/fs';
+import { getGitEnvironmentVariables } from '../../../util/git/auth';
 import { find } from '../../../util/host-rules';
 import { regEx } from '../../../util/regex';
 import { Result } from '../../../util/result';
@@ -115,9 +116,9 @@ function getMatchingHostRule(url: string | undefined): HostRule {
 function getSourceCredentialVars(
   pyprojectContent: string,
   packageFileName: string
-): Record<string, string> {
+): NodeJS.ProcessEnv {
   const poetrySources = getPoetrySources(pyprojectContent, packageFileName);
-  const envVars: Record<string, string> = {};
+  const envVars: NodeJS.ProcessEnv = {};
 
   for (const source of poetrySources) {
     const matchingHostRule = getMatchingHostRule(source.url);
@@ -185,6 +186,7 @@ export async function updateArtifacts({
       getPoetryRequirement(newPackageFileContent, existingLockFileContent);
     const extraEnv = {
       ...getSourceCredentialVars(newPackageFileContent, packageFileName),
+      ...getGitEnvironmentVariables(['poetry']),
       PIP_CACHE_DIR: await ensureCacheDir('pip'),
     };