Confidential Containers leverage Trusted Execution Environments (TEEs) to enhance security in cloud-native applications by safeguarding data-in-use against external threats. However, security vulnerabilities persist when container images are pulled from third-party registries, as such sources may introduce compromised or malicious images. This paper proposes a comprehensive design for an in-cluster container registry tailored for TEE-enabled environments, detailing its implementation, benefits, and role in strengthening the security posture of confidential workloads.