diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index b3e363a..27a6a70 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -84,7 +84,7 @@ jobs:
 #       id: sigstore-python
 #       with:
 #         inputs: ./test/artifact.txt
-#         verify-cert-email: https://github.com/sigstore/gh-action-sigstore-python/.github/workflows/selftest.yml@${{ github.ref }}
+#         verify-cert-identity: https://github.com/sigstore/gh-action-sigstore-python/.github/workflows/selftest.yml@${{ github.ref }}
 #         staging: true
 
   selftest-verify-issuer:
diff --git a/README.md b/README.md
index 3e4cc00..dc70dd4 100644
--- a/README.md
+++ b/README.md
@@ -264,11 +264,11 @@ Example:
     verify: false
 ```
 
-### `verify-cert-email`
+### `verify-cert-identity`
 
 **Default**: Empty
 
-The `verify-cert-email` setting controls whether to verify the Subject Alternative Name (SAN) of the
+The `verify-cert-identity` setting controls whether to verify the Subject Alternative Name (SAN) of the
 signing certificate after signing has taken place. If it is set, `sigstore-python` will compare the
 certificate's SAN against the provided value.
 
@@ -278,7 +278,7 @@ This setting only applies if `verify` is set to `true`.
 - uses: sigstore/gh-action-sigstore-python@v0.0.10
   with:
     inputs: file.txt
-    verify-cert-email: john.smith@example.com
+    verify-cert-identity: john.smith@example.com
 ```
 
 ### `verify-oidc-issuer`
diff --git a/action.py b/action.py
index fe1e00e..c14e659 100755
--- a/action.py
+++ b/action.py
@@ -141,9 +141,9 @@ def _fatal_help(msg):
 if os.getenv("GHA_SIGSTORE_PYTHON_VERIFY", "false") == "false":
     enable_verify = False
 
-verify_cert_email = os.getenv("GHA_SIGSTORE_PYTHON_VERIFY_CERT_EMAIL")
-if verify_cert_email != "":
-    sigstore_verify_args.extend(["--cert-email", verify_cert_email])
+verify_cert_identity = os.getenv("GHA_SIGSTORE_PYTHON_VERIFY_CERT_IDENTITY")
+if verify_cert_identity != "":
+    sigstore_verify_args.extend(["--cert-identity", verify_cert_identity])
 
 verify_oidc_issuer = os.getenv("GHA_SIGSTORE_PYTHON_VERIFY_OIDC_ISSUER")
 if verify_oidc_issuer != "":
diff --git a/action.yml b/action.yml
index c86e43d..e0f16cd 100644
--- a/action.yml
+++ b/action.yml
@@ -64,8 +64,8 @@ inputs:
     description: "verify the generated signatures after signing"
     required: false
     default: true
-  verify-cert-email:
-    description: "verify the email address to in the signing certificate's Subject Alternative Name (only applies when `verify` is on)"
+  verify-cert-identity:
+    description: "verify the identity in the signing certificate's Subject Alternative Name (only applies when `verify` is on)"
     required: false
     default: ""
   verify-oidc-issuer:
@@ -110,7 +110,7 @@ runs:
        GHA_SIGSTORE_PYTHON_REKOR_ROOT_PUBKEY: "${{ inputs.rekor-root-pubkey }}"
        GHA_SIGSTORE_PYTHON_STAGING: "${{ inputs.staging }}"
        GHA_SIGSTORE_PYTHON_VERIFY: "${{ inputs.verify }}"
-       GHA_SIGSTORE_PYTHON_VERIFY_CERT_EMAIL: "${{ inputs.verify-cert-email }}"
+       GHA_SIGSTORE_PYTHON_VERIFY_CERT_IDENTITY: "${{ inputs.verify-cert-identity }}"
        GHA_SIGSTORE_PYTHON_VERIFY_OIDC_ISSUER: "${{ inputs.verify-oidc-issuer }}"
        GHA_SIGSTORE_PYTHON_INTERNAL_BE_CAREFUL_DEBUG: "${{ inputs.internal-be-careful-debug }}"
      shell: bash
diff --git a/requirements.txt b/requirements.txt
index dd07477..08f04bd 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1 @@
-sigstore==0.6.8
+sigstore==0.7.0
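Review bot: The guard `if verify_cert_identity != "":` on the renamed lines only covers the empty-string case; when the variable is not exported at all, `os.getenv` returns `None`, the comparison is true, and the literal string `None` is passed as `--cert-identity`, so verification fails against a nonsensical identity rather than either skipping the identity constraint or reporting a clear configuration error. The action.yml hunk in this same commit always exports the variable (input default `""`), so the action path is fine in practice, but running action.py outside the wrapper, or a future edit that drops that env line, would hit this branch. `verify_cert_identity = os.getenv("GHA_SIGSTORE_PYTHON_VERIFY_CERT_IDENTITY", "")` makes the guard hold in both cases, and the `verify_oidc_issuer` lookup on the context lines has the same shape and deserves the same default. The enclosing top-level statement run begins and ends outside the hunk.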