diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index 029c677fd5..605c60f7d7 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -274,7 +274,7 @@ dependencies = [
  "serde_json",
  "sha2 0.10.5",
  "shadow-rs 0.16.3",
- "strum 0.24.1",
+ "strum",
  "tonic-build 0.8.0",
 ]
 
@@ -322,7 +322,7 @@ dependencies = [
  "matchit",
  "memchr",
  "mime",
- "percent-encoding 2.1.0",
+ "percent-encoding",
  "pin-project-lite",
  "serde",
  "sync_wrapper",
@@ -1247,7 +1247,7 @@ dependencies = [
  "der 0.3.5",
  "elliptic-curve",
  "hmac 0.11.0",
- "signature 1.3.2",
+ "signature",
 ]
 
 [[package]]
@@ -1256,7 +1256,7 @@ version = "1.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e9c280362032ea4203659fc489832d0204ef09f247a0506f170dafcac08c369"
 dependencies = [
- "signature 1.3.2",
+ "signature",
 ]
 
 [[package]]
@@ -1466,7 +1466,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191"
 dependencies = [
  "matches",
- "percent-encoding 2.1.0",
+ "percent-encoding",
 ]
 
 [[package]]
@@ -1577,7 +1577,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
 dependencies = [
  "typenum",
- "version_check 0.9.4",
+ "version_check",
 ]
 
 [[package]]
@@ -1648,7 +1648,7 @@ dependencies = [
  "libc",
  "libgit2-sys",
  "log",
- "url 2.2.2",
+ "url",
 ]
 
 [[package]]
@@ -1859,22 +1859,6 @@ dependencies = [
  "tokio-native-tls",
 ]
 
-[[package]]
-name = "hyperx"
-version = "1.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5617e92fc2f2501c3e2bc6ce547cad841adba2bae5b921c7e52510beca6d084c"
-dependencies = [
- "base64",
- "bytes 1.1.0",
- "http",
- "httpdate",
- "language-tags",
- "mime",
- "percent-encoding 2.1.0",
- "unicase 2.6.0",
-]
-
 [[package]]
 name = "iana-time-zone"
 version = "0.1.47"
@@ -1905,17 +1889,6 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
 
-[[package]]
-name = "idna"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38f09e0f0b1fb55fdee1f17470ad800da77af5186a1a76c026b679358b7e844e"
-dependencies = [
- "matches",
- "unicode-bidi",
- "unicode-normalization",
-]
-
 [[package]]
 name = "idna"
 version = "0.2.3"
@@ -1930,27 +1903,38 @@ dependencies = [
 [[package]]
 name = "image-rs"
 version = "0.1.0"
-source = "git+https://github.com/confidential-containers/image-rs?tag=v0.2.0#3aca6fd576f50b9e960309caddeb9d91573d4e69"
+source = "git+https://github.com/confidential-containers/image-rs?rev=76e6abed950152f000d8f70026d11a86cf95fb0c#76e6abed950152f000d8f70026d11a86cf95fb0c"
 dependencies = [
  "anyhow",
+ "async-trait",
+ "attestation_agent",
+ "base64",
  "dircpy",
  "flate2",
  "fs_extra",
  "futures-util",
+ "hex",
  "libc",
  "log",
  "nix 0.23.1",
- "oci-distribution 0.9.3",
+ "oci-distribution",
  "oci-spec",
  "ocicrypt-rs",
  "prost 0.8.0",
+ "sequoia-openpgp",
  "serde",
  "serde_json",
+ "serde_yaml",
  "sha2 0.10.5",
- "signature 0.1.0",
- "strum 0.23.0",
+ "shadow-rs 0.17.1",
+ "sigstore",
+ "strum",
+ "strum_macros",
  "tar",
  "tokio",
+ "tonic 0.5.2",
+ "tonic-build 0.5.2",
+ "url",
  "walkdir",
  "zstd",
 ]
@@ -2102,21 +2086,6 @@ dependencies = [
  "rayon",
 ]
 
-[[package]]
-name = "jwt"
-version = "0.15.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "98328bb4f360e6b2ceb1f95645602c7014000ef0c3809963df8ad3a3a09f8d99"
-dependencies = [
- "base64",
- "crypto-mac 0.11.1",
- "digest 0.9.0",
- "hmac 0.11.0",
- "serde",
- "serde_json",
- "sha2 0.9.9",
-]
-
 [[package]]
 name = "jwt"
 version = "0.16.0"
@@ -2183,7 +2152,7 @@ dependencies = [
  "tracing-opentelemetry",
  "tracing-subscriber",
  "ttrpc",
- "url 2.2.2",
+ "url",
  "vsock-exporter",
 ]
 
@@ -2265,12 +2234,6 @@ version = "0.19.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bcf796c978e9b4d983414f4caedc9273aa33ee214c5b887bd55fde84c85d2dc4"
 
-[[package]]
-name = "language-tags"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388"
-
 [[package]]
 name = "lazy_static"
 version = "1.4.0"
@@ -2749,7 +2712,7 @@ dependencies = [
  "serde_path_to_error",
  "sha2 0.10.5",
  "thiserror",
- "url 2.2.2",
+ "url",
 ]
 
 [[package]]
@@ -2762,29 +2725,6 @@ dependencies = [
  "serde_json",
 ]
 
-[[package]]
-name = "oci-distribution"
-version = "0.8.1"
-source = "git+https://github.com/krustlet/oci-distribution?rev=1ba0d94a900a97aa1bcac032a67ea23766bcfdef#1ba0d94a900a97aa1bcac032a67ea23766bcfdef"
-dependencies = [
- "anyhow",
- "futures-util",
- "hyperx",
- "jwt 0.15.0",
- "lazy_static",
- "olpc-cjson",
- "regex",
- "reqwest",
- "serde",
- "serde_json",
- "sha2 0.9.9",
- "tokio",
- "tracing",
- "unicase 1.4.2",
- "url 1.7.2",
- "www-authenticate",
-]
-
 [[package]]
 name = "oci-distribution"
 version = "0.9.3"
@@ -2794,7 +2734,7 @@ dependencies = [
  "futures-util",
  "http",
  "http-auth",
- "jwt 0.16.0",
+ "jwt",
  "lazy_static",
  "olpc-cjson",
  "regex",
@@ -2805,7 +2745,7 @@ dependencies = [
  "thiserror",
  "tokio",
  "tracing",
- "unicase 2.6.0",
+ "unicase",
 ]
 
 [[package]]
@@ -2836,7 +2776,7 @@ dependencies = [
  "hmac 0.12.1",
  "josekit",
  "lazy_static",
- "oci-distribution 0.9.3",
+ "oci-distribution",
  "openssl",
  "pin-project-lite",
  "prost 0.11.0",
@@ -2920,7 +2860,7 @@ dependencies = [
  "serde_json",
  "serde_path_to_error",
  "thiserror",
- "url 2.2.2",
+ "url",
 ]
 
 [[package]]
@@ -2989,7 +2929,7 @@ dependencies = [
  "futures",
  "js-sys",
  "lazy_static",
- "percent-encoding 2.1.0",
+ "percent-encoding",
  "pin-project",
  "rand 0.8.5",
  "serde",
@@ -3150,12 +3090,6 @@ dependencies = [
  "base64ct",
 ]
 
-[[package]]
-name = "percent-encoding"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31010dd2e1ac33d5b46a5b413495239882813e0369f8ed8a5e266f173602f831"
-
 [[package]]
 name = "percent-encoding"
 version = "2.1.0"
@@ -3390,7 +3324,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "syn",
- "version_check 0.9.4",
+ "version_check",
 ]
 
 [[package]]
@@ -3401,7 +3335,7 @@ checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
 dependencies = [
  "proc-macro2",
  "quote",
- "version_check 0.9.4",
+ "version_check",
 ]
 
 [[package]]
@@ -3776,7 +3710,7 @@ dependencies = [
  "log",
  "mime",
  "native-tls",
- "percent-encoding 2.1.0",
+ "percent-encoding",
  "pin-project-lite",
  "serde",
  "serde_json",
@@ -3785,7 +3719,7 @@ dependencies = [
  "tokio-native-tls",
  "tokio-util 0.7.3",
  "tower-service",
- "url 2.2.2",
+ "url",
  "wasm-bindgen",
  "wasm-bindgen-futures",
  "web-sys",
@@ -4038,7 +3972,7 @@ dependencies = [
  "generic-array",
  "getrandom 0.2.7",
  "idea",
- "idna 0.2.3",
+ "idna",
  "lalrpop",
  "lalrpop-util",
  "lazy_static",
@@ -4290,31 +4224,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "signature"
-version = "0.1.0"
-source = "git+https://github.com/confidential-containers/image-rs?tag=v0.2.0#3aca6fd576f50b9e960309caddeb9d91573d4e69"
-dependencies = [
- "anyhow",
- "async-trait",
- "base64",
- "hex",
- "oci-distribution 0.8.1",
- "prost 0.8.0",
- "sequoia-openpgp",
- "serde",
- "serde_json",
- "serde_yaml",
- "shadow-rs 0.17.1",
- "sigstore",
- "strum 0.23.0",
- "strum_macros 0.24.3",
- "tokio",
- "tonic 0.5.2",
- "tonic-build 0.5.2",
- "url 2.2.2",
-]
-
 [[package]]
 name = "signature"
 version = "1.3.2"
@@ -4334,7 +4243,7 @@ dependencies = [
  "base64",
  "cached",
  "lazy_static",
- "oci-distribution 0.9.3",
+ "oci-distribution",
  "olpc-cjson",
  "open",
  "openidconnect",
@@ -4349,7 +4258,7 @@ dependencies = [
  "tokio",
  "tough",
  "tracing",
- "url 2.2.2",
+ "url",
  "x509-parser",
 ]
 
@@ -4519,35 +4428,13 @@ version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
 
-[[package]]
-name = "strum"
-version = "0.23.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cae14b91c7d11c9a851d3fbc80a963198998c2a64eec840477fa92d8ce9b70bb"
-dependencies = [
- "strum_macros 0.23.1",
-]
-
 [[package]]
 name = "strum"
 version = "0.24.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "063e6045c0e62079840579a7e47a355ae92f60eb74daaf156fb1e84ba164e63f"
 dependencies = [
- "strum_macros 0.24.3",
-]
-
-[[package]]
-name = "strum_macros"
-version = "0.23.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5bb0dc7ee9c15cea6199cde9a127fa16a4c5819af85395457ad72d68edc85a38"
-dependencies = [
- "heck 0.3.3",
- "proc-macro2",
- "quote",
- "rustversion",
- "syn",
+ "strum_macros",
 ]
 
 [[package]]
@@ -4904,7 +4791,7 @@ dependencies = [
  "http-body",
  "hyper",
  "hyper-timeout",
- "percent-encoding 2.1.0",
+ "percent-encoding",
  "pin-project",
  "prost 0.8.0",
  "prost-derive 0.8.0",
@@ -4936,7 +4823,7 @@ dependencies = [
  "http-body",
  "hyper",
  "hyper-timeout",
- "percent-encoding 2.1.0",
+ "percent-encoding",
  "pin-project",
  "prost 0.11.0",
  "prost-derive 0.11.0",
@@ -4989,7 +4876,7 @@ dependencies = [
  "olpc-cjson",
  "path-absolutize 3.0.14",
  "pem 1.1.0",
- "percent-encoding 2.1.0",
+ "percent-encoding",
  "reqwest",
  "ring",
  "serde",
@@ -4998,7 +4885,7 @@ dependencies = [
  "snafu",
  "tempfile",
  "untrusted",
- "url 2.2.2",
+ "url",
  "walkdir",
 ]
 
@@ -5242,22 +5129,13 @@ dependencies = [
  "utcnow",
 ]
 
-[[package]]
-name = "unicase"
-version = "1.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f4765f83163b74f957c797ad9253caf97f103fb064d3999aea9568d09fc8a33"
-dependencies = [
- "version_check 0.1.5",
-]
-
 [[package]]
 name = "unicase"
 version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "50f37be617794602aabbeee0be4f259dc1778fabe05e2d67ee8f79326d5cb4f6"
 dependencies = [
- "version_check 0.9.4",
+ "version_check",
 ]
 
 [[package]]
@@ -5319,17 +5197,6 @@ version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
 
-[[package]]
-name = "url"
-version = "1.7.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd4e7c0d531266369519a4aa4f399d748bd37043b00bde1e4ff1f60a120b355a"
-dependencies = [
- "idna 0.1.5",
- "matches",
- "percent-encoding 1.0.1",
-]
-
 [[package]]
 name = "url"
 version = "2.2.2"
@@ -5337,9 +5204,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c"
 dependencies = [
  "form_urlencoded",
- "idna 0.2.3",
+ "idna",
  "matches",
- "percent-encoding 2.1.0",
+ "percent-encoding",
  "serde",
 ]
 
@@ -5371,12 +5238,6 @@ version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
 
-[[package]]
-name = "version_check"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "914b1a6776c4c929a602fafd8bc742e06365d4bcbe48c30f9cca5824f70dc9dd"
-
 [[package]]
 name = "version_check"
 version = "0.9.4"
@@ -5619,17 +5480,6 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "www-authenticate"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02fd1970505d8d9842104b229ba0c6b6331c0897677d0fc0517ea657e77428d0"
-dependencies = [
- "hyperx",
- "unicase 1.4.2",
- "url 1.7.2",
-]
-
 [[package]]
 name = "wyz"
 version = "0.2.0"
diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml
index aa3a682fdc..eb0bcd3b8a 100644
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@@ -68,7 +68,7 @@ toml = "0.5.8"
 clap = { version = "3.0.1", features = ["derive"] }
 
 # Image pull/decrypt
-image-rs = { git = "https://github.com/confidential-containers/image-rs", tag = "v0.2.0" }
+image-rs = { git = "https://github.com/confidential-containers/image-rs", rev = "76e6abed950152f000d8f70026d11a86cf95fb0c" }
 # "vendored" feature for openssl is required by musl build
 openssl = { version = "0.10.38", features = ["vendored"] }
 
diff --git a/src/agent/src/image_rpc.rs b/src/agent/src/image_rpc.rs
index 1e5e22510a..4592c684e3 100644
--- a/src/agent/src/image_rpc.rs
+++ b/src/agent/src/image_rpc.rs
@@ -277,6 +277,15 @@ impl ImageService {
             self.image_client.lock().await.config.security_validate =
                 *enable_signature_verification;
 
+            // If the attestation-agent is being used, then enable the authenticated credentials support
+            //TODO tidy logic once skopeo is removed to combine with aa_kbc_params check above
+            info!(
+                sl!(),
+                "image_client.config.auth set to: {}",
+                !aa_kbc_params.is_empty()
+            );
+            self.image_client.lock().await.config.auth = !aa_kbc_params.is_empty();
+
             let bundle_path = Path::new(CONTAINER_BASE).join(&cid);
             fs::create_dir_all(&bundle_path)?;
 
@@ -290,6 +299,11 @@ impl ImageService {
                 .await
                 .pull_image(image, &bundle_path, &source_creds, &Some(&decrypt_config))
                 .await?;
+
+            info!(
+                sl!(),
+                "pull and unpack image {:?}, with image-rs succeeded ", cid
+            );
         }
 
         let mut sandbox = self.sandbox.lock().await;