nsx

Reputation: 21

Docker Content Trust Runtime enforcement: how to specify a separate content trust server url (notary)

I am trying to set up runtime enforcement with Docker Content Trust, as specified here: https://docs.docker.com/engine/security/trust/content_trust/#runtime-enforcement-with-docker-content-trust.

{
    "content-trust": {
        "mode": "enforced"
    }
}

I am able to set this up, but the issue is that in my case the trust server is running on a separate URL/port, and it seems there's no way of specifying the trust server URL in the docker daemon configuration. My best guess is that it is expecting the trust server to be running on the same URL as the registry, which is the default docker client behavior (in our case we are running Harbor, and the Helm chart it uses sets up the trust server on a port which is different from that of the registry).

I tried using the DOCKER_CONTENT_TRUST_SERVER environment variable, but this is pretty much ignored with the docker daemon's runtime enforcement option (if I switch off runtime enforcement in the daemon and use just this along with DOCKER_CONTENT_TRUST, then everything works fine). But because of security requirements, and the need to use trust pinning with signatures, which goes along with these settings, I need to set this up somehow.

Can someone point out what I am missing here, or if there's an alternative way to accomplish this? Also, I am using Docker Enterprise (which is expected, since this feature is only available in the Enterprise version).

Upvotes: 1

Views: 168

Answers (0)
