diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4e4c1283..e1b8dd24 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,6 +19,8 @@ variables:
   ACS_TEST: 0
   # The list of extra Kas fragments to be used when building
   EXTRA_KAS_FILES: ""
+  # The NVD API key to use when fetching CVEs
+  NVDCVE_API_KEY: ""
 
 stages:
   - prep
diff --git a/ci/cve.yml b/ci/cve.yml
index 381f8557..e2aca0e1 100644
--- a/ci/cve.yml
+++ b/ci/cve.yml
@@ -5,6 +5,9 @@ local_conf_header:
   cve: |
     INHERIT += "cve-check"
 
+    # Allow the runner environment to provide an API key
+    NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
+
     # Just show the warnings for our layers
     CVE_CHECK_SHOW_WARNINGS = "0"
     CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"