diff --git a/terraform/gcp/modules/sigstore/sigstore.tf b/terraform/gcp/modules/sigstore/sigstore.tf
index 44f17226d..36f7ac69a 100644
--- a/terraform/gcp/modules/sigstore/sigstore.tf
+++ b/terraform/gcp/modules/sigstore/sigstore.tf
@@ -218,6 +218,8 @@ module "rekor" {
   dns_zone_name   = var.dns_zone_name
   dns_domain_name = var.dns_domain_name
 
+  new_entry_pubsub_consumers = var.rekor_new_entry_pubsub_consumers
+
   redis_cluster_memory_size_gb = var.redis_cluster_memory_size_gb
 
   depends_on = [
diff --git a/terraform/gcp/modules/sigstore/variables.tf b/terraform/gcp/modules/sigstore/variables.tf
index 6dee23e06..8cf23c2e3 100644
--- a/terraform/gcp/modules/sigstore/variables.tf
+++ b/terraform/gcp/modules/sigstore/variables.tf
@@ -260,6 +260,11 @@ variable "rekor_key_name" {
   default     = "rekor-key"
 }
 
+variable "rekor_new_entry_pubsub_consumers" {
+  type        = list(string)
+  description = "List of IAM principals that can subscribe to events about new entries in the log"
+}
+
 variable "timestamp" {
   type = object({
     enabled = bool