diff --git a/pkg/cosign/env/env.go b/pkg/cosign/env/env.go
index d6448a4c683..e8cbce08e8e 100644
--- a/pkg/cosign/env/env.go
+++ b/pkg/cosign/env/env.go
@@ -55,6 +55,7 @@ const (
 VariableSigstoreCTLogPublicKeyFile Variable = "SIGSTORE_CT_LOG_PUBLIC_KEY_FILE" VariableSigstoreRootFile Variable = "SIGSTORE_ROOT_FILE" VariableSigstoreRekorPublicKey Variable = "SIGSTORE_REKOR_PUBLIC_KEY"
+ VariableSigstoreIDToken Variable = "SIGSTORE_ID_TOKEN" //nolint:gosec
 // Other external environment variables
 VariableGitHubHost Variable = "GITHUB_HOST"
@@ -197,6 +198,12 @@ var (
 Sensitive: false, External: true, },
+ VariableSigstoreIDToken: {
+ Description: "is a OIDC token used to authenticate to Fulcio",
+ Expects: "string with a OIDC token",
+ Sensitive: true,
+ External: true,
+ },
 } )
diff --git a/pkg/providers/all/all.go b/pkg/providers/all/all.go
index c49dbea4e6a..a05d0476e17 100644
--- a/pkg/providers/all/all.go
+++ b/pkg/providers/all/all.go
@@ -20,6 +20,7 @@ import (
 // Link in all of the providers.
 _ "github.com/sigstore/cosign/v2/pkg/providers/buildkite"
+ _ "github.com/sigstore/cosign/v2/pkg/providers/envvar"
 _ "github.com/sigstore/cosign/v2/pkg/providers/filesystem" _ "github.com/sigstore/cosign/v2/pkg/providers/github" _ "github.com/sigstore/cosign/v2/pkg/providers/google"
diff --git a/pkg/providers/envvar/env.go b/pkg/providers/envvar/env.go
new file mode 100644
index 00000000000..67de28fa953
--- /dev/null
+++ b/pkg/providers/envvar/env.go
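Review bot: The two new description strings in the second hunk, `"is a OIDC token used to authenticate to Fulcio"` and `"string with a OIDC token"`, use the wrong article; this text is what users see in the environment-variable documentation, so both should read `an OIDC token`. Marking the entry `Sensitive: true` is the right choice for a bearer credential, since it keeps the value out of any listing that prints variable contents. In the first hunk the `//nolint:gosec` on the constant gives no reason; golangci-lint's `//nolint:gosec // reason` form would record why the rule is suppressed, presumably that the hard-coded-credential check matches the name even though the literal is only the variable's name, not a secret.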
@@ -0,0 +1,42 @@
+//
+// Copyright 2023 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package envvar
+
+import (
+ "context"
+
+ "github.com/sigstore/cosign/v2/pkg/cosign/env"
+ "github.com/sigstore/cosign/v2/pkg/providers"
+)
+
+func init() {
+ providers.Register("envvar", &envvar{})
+}
+
+type envvar struct{}
+
+var _ providers.Interface = (*envvar)(nil)
+
+// Enabled implements providers.Interface
+func (p *envvar) Enabled(context.Context) bool {
+ _, ok := env.LookupEnv(env.VariableSigstoreIDToken)
+ return ok
+}
+
+// Provide implements providers.Interface
+func (p *envvar) Provide(context.Context, string) (string, error) {
+ return env.Getenv(env.VariableSigstoreIDToken), nil
+}
diff --git a/pkg/providers/envvar/env_test.go b/pkg/providers/envvar/env_test.go
new file mode 100644
index 00000000000..cdc8f2ae9f3
--- /dev/null
+++ b/pkg/providers/envvar/env_test.go
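Review bot: Enabled reports the provider as usable whenever SIGSTORE_ID_TOKEN exists in the environment, including when it is exported as the empty string, and Provide then returns that empty value with a nil error, so an empty variable (common in CI job templates) is treated as an available credential and handed on to the Fulcio request. The check should require a non-empty value: `tok, ok := env.LookupEnv(env.VariableSigstoreIDToken)` followed by `return ok && tok != ""`. Provide also ignores its second string argument, which the other providers presumably use as the requested audience; the doc comment should say that the token is passed through unparsed and unvalidated and that the user is responsible for minting it for the audience Fulcio expects. The two `implements providers.Interface` comments would be more useful if they described the behaviour, e.g. `// Enabled reports whether SIGSTORE_ID_TOKEN is set to a non-empty value.` and `// Provide returns the SIGSTORE_ID_TOKEN value as-is; the audience argument is ignored.`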
@@ -0,0 +1,67 @@
+//
+// Copyright 2023 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package envvar
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/sigstore/cosign/v2/pkg/cosign/env"
+)
+
+func TestEnvVar(t *testing.T) {
+ ctx := context.Background()
+ token := "tacocat"
+
+ for _, tc := range []struct {
+ envmap map[string]string
+ want bool
+ }{
+ {
+ envmap: map[string]string{
+ env.VariableSigstoreIDToken.String(): token,
+ },
+ want: true,
+ },
+ {
+ want: false,
+ },
+ } {
+ t.Run(fmt.Sprint(tc.want), func(t *testing.T) {
+ for k, v := range tc.envmap {
+ t.Setenv(k, v)
+ }
+ e := &envvar{}
+
+ if enabled := e.Enabled(ctx); enabled != tc.want {
+ t.Errorf("Enabled: want %t, got %t", tc.want, enabled)
+ }
+
+ got, err := e.Provide(ctx, "")
+ if err != nil {
+ t.Fatalf("Provide: %v", err)
+ }
+ want := ""
+ if tc.want {
+ want = token
+ }
+ if got != want {
+ t.Fatalf("Provide: want %s, got %s", want, got)
+ }
+ })
+ }
+}
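Review bot: The `want: false` case relies on SIGSTORE_ID_TOKEN being absent from the process environment, so the test fails on any developer machine or CI runner where the variable is already exported; the subtest should clear it explicitly, e.g. `t.Setenv(env.VariableSigstoreIDToken.String(), "")` followed by `os.Unsetenv(env.VariableSigstoreIDToken.String())`, which keeps t.Setenv's restore-on-cleanup while leaving the variable genuinely unset (this needs `"os"` in the import block). There is also no case for the variable being set to an empty string, the boundary where Enabled reports a usable token while Provide returns ""; a third table entry with `envmap: map[string]string{env.VariableSigstoreIDToken.String(): ""}` would pin whichever behaviour is intended. The final Fatalf should format with `%q` instead of `%s` so an empty or whitespace token is visible in the failure message.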