Signing docker images on push with own certificate



I am using drone to build and push images to my private DTR.

From docker engines, I can use notary Cli tool to sign docker image with my own certificates.

Notary Cli on host machine is setted up as it is described here:

So, from command line, when I export docker variable:

I can push signed image to dtr.

Is there some way to sign and push image via drone pipeline, and store in someway (maybe drone secret) passphrase for repository key (certificate)?

I suppose that I must set variable DOCKER_CONTENT_TRUST=1 to drone server/agent and mount cert path to docker plugin, but I got not signed image for now.

Drone server/client version is 0.7.