diff --git a/packages/container-vault-auth-tee/default.nix b/packages/container-vault-auth-tee/default.nix
index d3c172f..20a910b 100644
--- a/packages/container-vault-auth-tee/default.nix
+++ b/packages/container-vault-auth-tee/default.nix
@@ -14,12 +14,13 @@ pkgs.dockerTools.buildLayeredImage {
 
     paths = with pkgs.dockerTools; [
       vat.vault-auth-tee
+      vat.vault-auth-tee.sha
       vault
       usrBinEnv
       binSh
       caCertificates
       fakeNss
     ];
-    pathsToLink = [ "/bin" "/etc" ];
+    pathsToLink = [ "/bin" "/etc" "/share" ];
   };
 }
diff --git a/packages/vault-auth-tee/default.nix b/packages/vault-auth-tee/default.nix
index f4dbdba..8d480ea 100644
--- a/packages/vault-auth-tee/default.nix
+++ b/packages/vault-auth-tee/default.nix
@@ -10,6 +10,8 @@ pkgs.buildGoModule {
     nixsgx.sgx-dcap.quote_verify
   ];
 
+  outputs = [ "out" "sha" ];
+
   name = "vault-auth-tee";
   src = with lib.fileset; toSource {
     root = ./../..;
@@ -22,5 +24,10 @@ pkgs.buildGoModule {
     ];
   };
 
+  postInstall = ''
+    mkdir -p $sha/share
+    sha256sum $out/bin/vault-auth-tee | (read a _; echo $a) > $sha/share/vault-auth-tee.sha256
+  '';
+
   vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY=";
 }