diff --git a/lib/kamal/commands/builder/base.rb b/lib/kamal/commands/builder/base.rb
index 636fe4f4..d551520b 100644
--- a/lib/kamal/commands/builder/base.rb
+++ b/lib/kamal/commands/builder/base.rb
@@ -6,7 +6,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
   delegate :argumentize, to: Kamal::Utils
   delegate \
     :args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
-    :cache_from, :cache_to, :ssh, :driver, :docker_driver?,
+    :cache_from, :cache_to, :ssh, :provenance, :driver, :docker_driver?,
     to: :builder_config
 
   def clean
@@ -37,7 +37,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
   end
 
   def build_options
-    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh ]
+    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance ]
   end
 
   def build_context
@@ -97,6 +97,10 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
       argumentize "--ssh", ssh if ssh.present?
     end
 
+    def builder_provenance
+      argumentize "--provenance", provenance unless provenance.nil?
+    end
+
     def builder_config
       config.builder
     end
diff --git a/lib/kamal/configuration/builder.rb b/lib/kamal/configuration/builder.rb
index a395e228..d2f244db 100644
--- a/lib/kamal/configuration/builder.rb
+++ b/lib/kamal/configuration/builder.rb
@@ -111,6 +111,10 @@ class Kamal::Configuration::Builder
     builder_config["ssh"]
   end
 
+  def provenance
+    builder_config["provenance"]
+  end
+
   def git_clone?
     Kamal::Git.used? && builder_config["context"].nil?
   end
diff --git a/lib/kamal/configuration/docs/builder.yml b/lib/kamal/configuration/docs/builder.yml
index cdde194f..2aefd006 100644
--- a/lib/kamal/configuration/docs/builder.yml
+++ b/lib/kamal/configuration/docs/builder.yml
@@ -104,3 +104,9 @@ builder:
   #
   # The build driver to use, defaults to `docker-container`
   driver: docker
+
+  # Provenance
+  #
+  # It is used to configure provenance attestations for the build result.
+  # The value can also be a boolean to enable or disable provenance attestations.
+  provenance: mode=max