diff --git a/.github/workflows/build-push-image.yml b/.github/workflows/build-push-image.yml
index 5412f1e..0372542 100644
--- a/.github/workflows/build-push-image.yml
+++ b/.github/workflows/build-push-image.yml
@@ -271,7 +271,6 @@ jobs:
     env:
       COSIGN_PASSWORD: "password"
       COSIGN_YES: true
-      IMAGE_URI: ${{ needs.merge.outputs.image_uri }}
     needs:
       - merge
     # outputs: add signature location ?
@@ -310,7 +309,8 @@ jobs:
 
       - name: Sign container
         run: |-
-          cosign sign --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI"
+          export IMAGE_URI="${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.merge.outputs.tag }}@${{ needs.merge.outputs.digest_root }}"
+          cosign sign -d --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI"
         shell: bash
 
       - name: Get the container image from the registry