Docker Workload Attestor
The Docker attestor identifies workloads by querying the Docker daemon for the container that owns the requesting process.
Configuration
Enable the Docker attestor in the WorkloadAttestation section:
```yaml
section: WorkloadAttestation
schema: v1
spec:
  docker:
    enabled: true
```
| Field | Default | Description |
|---|---|---|
| docker.enabled | false | Enable or disable Docker attestation |
Attributes
The following attributes are collected for workloads running in Docker and can be used in path templates, JWT custom claims, and X.509 Subject customization. Some attributes are restricted to specific surfaces — see the Notes column.
| Docker Attribute | Path Template Variable | Notes |
|---|---|---|
| Container Image | docker.container.image | Full image reference (e.g. nginx:1.25). Not available in path templates. |
| Container Label | docker.container.label.<label_key> |