diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0022-akamai-fix-base64-decoding.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0022-akamai-fix-base64-decoding.patch
new file mode 100644
index 0000000000..6248a53bcb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/files/0022-akamai-fix-base64-decoding.patch
@@ -0,0 +1,48 @@
+From c39e78052f563bbbf6ed47c4ddab597562effe87 Mon Sep 17 00:00:00 2001
+From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
+Date: Mon, 24 Jun 2024 16:38:09 +0200
+Subject: [PATCH] akamai: fix base64 decoding
+
+trailing \x00 character was making Ignition to fail parsing the config.
+It is not always the case, that is why we did not catch it earlier: when
+there is no padding in the base64 payload, everything was working.
+
+https://pkg.go.dev/encoding/base64#Encoding.Decode
+
+Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
+---
+ docs/release-notes.md               | 1 +
+ internal/providers/akamai/akamai.go | 5 +++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/docs/release-notes.md b/docs/release-notes.md
+index a73ea2a7c..c2a35dca9 100644
+--- a/docs/release-notes.md
++++ b/docs/release-notes.md
+@@ -14,6 +14,7 @@ nav_order: 9
+ 
+ ### Bug fixes
+ 
++- Fixed Akamai Ignition base64 decoding
+ 
+ ## Ignition 2.19.0 (2024-06-05)
+ 
+diff --git a/internal/providers/akamai/akamai.go b/internal/providers/akamai/akamai.go
+index c7debf3b1..648be3bee 100644
+--- a/internal/providers/akamai/akamai.go
++++ b/internal/providers/akamai/akamai.go
+@@ -86,11 +86,12 @@ func fetchConfig(f *resource.Fetcher) (types.Config, report.Report, error) {
+ 	// The Linode Metadata Service requires userdata to be base64-encoded
+ 	// when it is uploaded, so we will have to decode the response.
+ 	data := make([]byte, base64.StdEncoding.DecodedLen(len(encoded)))
+-	if _, err := base64.StdEncoding.Decode(data, encoded); err != nil {
++	n, err := base64.StdEncoding.Decode(data, encoded)
++	if err != nil {
+ 		return types.Config{}, report.Report{}, fmt.Errorf("decode base64: %w", err)
+ 	}
+ 
+-	return util.ParseConfig(f.Logger, data)
++	return util.ParseConfig(f.Logger, data[:n])
+ }
+ 
+ // defaultTokenTTL is the time-to-live (TTL; in seconds) for an authorization
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.19.0.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.19.0-r1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.19.0.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-2.19.0-r1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild
index 75e03703be..735ca6979d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/ignition/ignition-9999.ebuild
@@ -61,6 +61,7 @@ PATCHES=(
 	"${FILESDIR}/0019-usr-share-oem-oem.patch"
 	"${FILESDIR}/0020-internal-exec-stages-mount-Mount-oem.patch"
 	"${FILESDIR}/0021-sgdisk-Run-partprobe-after-partition-changes.patch"
+	"${FILESDIR}/0022-akamai-fix-base64-decoding.patch"
 )
 
 src_compile() {