diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml
index 3d4b8ef..fc341e2 100644
--- a/_docs/data/data.yaml
+++ b/_docs/data/data.yaml
@@ -255,3 +255,8 @@ properties:
 description: Labels to add to the image.
 type: list
 required: false
+
+ - name: provenance
+ description: Generate [provenance](https://docs.docker.com/build/attestations/slsa-provenance/) attestation for the build (shorthand for `--attest=type=provenance`).
+ type: string
+ required: false
diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go
index c51f39e..04db420 100644
--- a/cmd/drone-docker-buildx/config.go
+++ b/cmd/drone-docker-buildx/config.go
@@ -305,5 +305,12 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 Destination: &settings.Build.Labels,
 Category: category,
 },
+ &cli.StringFlag{
+ Name: "provenance",
+ EnvVars: []string{"PLUGIN_PROVENANCE"},
+ Usage: "generates provenance attestation for the build",
+ Destination: &settings.Build.Provenance,
+ Category: category,
+ },
 }
 }
diff --git a/plugin/docker.go b/plugin/docker.go
index 7e08116..c505248 100644
--- a/plugin/docker.go
+++ b/plugin/docker.go
@@ -131,6 +131,10 @@ func commandBuild(build Build, dryrun bool) *exec.Cmd {
 args = append(args, "--label", arg)
 }
+ if build.Provenance != "" {
+ args = append(args, "--provenance", build.Provenance)
+ }
+
 return exec.Command(dockerExe, args...)
 }
diff --git a/plugin/impl.go b/plugin/impl.go
index cfd826a..2cb10bf 100644
--- a/plugin/impl.go
+++ b/plugin/impl.go
@@ -63,6 +63,7 @@ type Build struct {
 Output string // Docker build output folder
 NamedContext cli.StringSlice // Docker build named context
 Labels cli.StringSlice // Docker build labels
+ Provenance string // Docker build provenance attestation
 }
 // Settings for the Plugin.
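Review bot: The `Usage` string on the new `provenance` flag in cmd/drone-docker-buildx/config.go does not say which values the setting accepts or what leaving it empty means. The value is a free-form string handed to buildx `--provenance`, where `false`, `mode=min` and `mode=max` behave very differently. `mode=max` is the one that records build-argument values in the attestation published alongside the image, which matters whenever a secret is passed as a build arg. I would spell that out, for example `Usage: "value for buildx --provenance (true, false, mode=min, mode=max); empty keeps the buildx default",`, and repeat the `mode=max` caveat in the docs entry. settingsFlags starts outside the hunk.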
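Review bot: In plugin/docker.go the setting is forwarded as two argv elements (`"--provenance", build.Provenance`), whereas the buildx documentation, as far as I recall, writes this option as `--provenance=VALUE`. Passing it as one element, `args = append(args, "--provenance="+build.Provenance)`, keeps the value bound to the flag however the flag parser treats a following argument. Because an empty setting skips the flag entirely, buildx's own default then decides whether an attestation is attached, so a comment such as `// empty: keep the buildx default; "false" disables the attestation` above the `if` would help the next reader. commandBuild starts outside the hunk, so whether the selected output or the dry-run path supports attestations cannot be checked from here.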