diff --git a/pkg/envoy/extract.go b/pkg/envoy/extract.go
index be5961185..6c6be42ce 100644
--- a/pkg/envoy/extract.go
+++ b/pkg/envoy/extract.go
@@ -12,12 +12,15 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/rs/zerolog/log"
+
 	"github.com/pomerium/pomerium/pkg/envoy/files"
 )
 
 const (
 	ownerRX              = os.FileMode(0o500)
 	maxExpandedEnvoySize = 1 << 30
+	envoyPrefix          = "pomerium-envoy"
 )
 
 type hashReader struct {
@@ -53,17 +56,20 @@ func Extract() (fullEnvoyPath string, err error) {
 		return setupFullEnvoyPath, setupErr
 	}
 
-	dir, err := os.MkdirTemp(os.TempDir(), "pomerium-envoy")
+	tmpDir := os.TempDir()
+
+	cleanTempDir(tmpDir)
+	dir, err := os.MkdirTemp(tmpDir, envoyPrefix)
 	if err != nil {
 		setupErr = fmt.Errorf("envoy: failed making temporary working dir: %w", err)
-		return
+		return setupFullEnvoyPath, setupErr
 	}
 	setupFullEnvoyPath = filepath.Join(dir, "envoy")
 
 	err = extract(setupFullEnvoyPath)
 	if err != nil {
 		setupErr = fmt.Errorf("envoy: failed to extract embedded envoy binary: %w", err)
-		return
+		return setupFullEnvoyPath, setupErr
 	}
 
 	setupDone = true
@@ -97,3 +103,27 @@ func extract(dstName string) (err error) {
 	}
 	return nil
 }
+
+func cleanTempDir(tmpDir string) {
+	d, err := os.Open(tmpDir)
+	if err != nil {
+		log.Warn().Msg("envoy: failed to open temp directory for clean up")
+		return
+	}
+	defer d.Close()
+
+	fs, err := d.Readdir(-1)
+	if err != nil {
+		log.Warn().Msg("envoy: failed to read files in temporary directory")
+		return
+	}
+
+	for _, f := range fs {
+		if f.IsDir() && strings.HasPrefix(f.Name(), envoyPrefix) {
+			err := os.RemoveAll(filepath.Join(tmpDir, f.Name()))
+			if err != nil {
+				log.Warn().Err(err).Msg("envoy: failed to delete previous extracted envoy")
+			}
+		}
+	}
+}
diff --git a/pkg/envoy/extract_test.go b/pkg/envoy/extract_test.go
new file mode 100644
index 000000000..bfb1de135
--- /dev/null
+++ b/pkg/envoy/extract_test.go
@@ -0,0 +1,31 @@
+package envoy
+
+import (
+	"io/fs"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestClean(t *testing.T) {
+	t.Parallel()
+
+	tmpDir := t.TempDir()
+	d1, err := os.MkdirTemp(tmpDir, envoyPrefix)
+	require.NoError(t, err)
+	d2, err := os.MkdirTemp(tmpDir, envoyPrefix)
+	require.NoError(t, err)
+	d3, err := os.MkdirTemp(tmpDir, envoyPrefix)
+	require.NoError(t, err)
+
+	cleanTempDir(tmpDir)
+
+	_, err = os.Stat(d1)
+	assert.ErrorIs(t, err, fs.ErrNotExist)
+	_, err = os.Stat(d2)
+	assert.ErrorIs(t, err, fs.ErrNotExist)
+	_, err = os.Stat(d3)
+	assert.ErrorIs(t, err, fs.ErrNotExist)
+}