diff --git a/charts/spire/charts/spire-agent/README.md b/charts/spire/charts/spire-agent/README.md
index 3b905050a..eec75425c 100644
--- a/charts/spire/charts/spire-agent/README.md
+++ b/charts/spire/charts/spire-agent/README.md
@@ -35,5 +35,6 @@ A Helm chart to install the SPIRE agent.
 | waitForIt.image.repository | string | `"chainguard/wait-for-it"` | |
 | waitForIt.image.version | string | `"latest-20230113"` | |
 | waitForIt.resources | object | `{}` | |
+| workloadAttestors.unix.enabled | bool | `false` | enables the Unix workload attestor |
 ----------------------------------------------
diff --git a/charts/spire/charts/spire-agent/templates/configmap.yaml b/charts/spire/charts/spire-agent/templates/configmap.yaml
index 55d4e78b7..921762f70 100644
--- a/charts/spire/charts/spire-agent/templates/configmap.yaml
+++ b/charts/spire/charts/spire-agent/templates/configmap.yaml
@@ -36,10 +36,12 @@ data:
 }
 }
+ {{- if .Values.workloadAttestors.unix.enabled }}
 WorkloadAttestor "unix" {
 plugin_data {
 }
 }
+ {{- end }}
 }
 health_checks {
diff --git a/charts/spire/charts/spire-agent/values.yaml b/charts/spire/charts/spire-agent/values.yaml
index 607e04f52..400f2c3a6 100644
--- a/charts/spire/charts/spire-agent/values.yaml
+++ b/charts/spire/charts/spire-agent/values.yaml
@@ -68,3 +68,10 @@ waitForIt:
 pullPolicy: IfNotPresent
 version: latest-20230113
 resources: {}
+
+# workloadAttestors determine a workload's properties and then generate a set of selectors associated with it.
+workloadAttestors:
+ # unix is a workload attestor which generates unix-based selectors like 'uid' and 'gid'.
+ unix:
+ # -- enables the Unix workload attestor
+ enabled: false
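Review bot: Wrapping the `WorkloadAttestor "unix"` block in `{{- if .Values.workloadAttestors.unix.enabled }}` while the new default in the values.yaml hunk is `false` silently switches the attestor off for every existing install on upgrade, so registration entries that rely on unix selectors (uid/gid) stop matching and those workloads are no longer issued SVIDs. The old side shows the attestor was always rendered, and nothing in the diff calls out this behaviour change; either default to `true` to preserve existing behaviour, or document the change in the chart changelog/NOTES so operators know to set the value before upgrading. The attestor block that precedes this one appears to stay unconditional, so entries keyed on it should be unaffected, but I cannot confirm that from the visible lines. The enclosing `plugins` block starts before this hunk.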
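Review bot: The `# --` description on `enabled` is what helm-docs surfaces in the README table (first hunk), and `enables the Unix workload attestor` does not tell an operator what disabling it means for their registration entries; suggest `# -- enables the Unix workload attestor; required for registration entries that use unix selectors (uid, gid). Defaults to false, whereas earlier chart versions always configured this attestor.` The `# unix is a workload attestor ...` comment lacks the `# --` marker and so stays out of the generated table, which is fine if intentional but worth a quick check since it is the only line explaining which selectors the attestor produces.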