diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 3f67d05..7f63e5f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -72,6 +72,7 @@ jobs:
           go-version: 1.14
       -
         name: Import GPG key
+        id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v1
         env:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY_TEST }}
@@ -82,9 +83,13 @@ jobs:
         with:
           version: latest
           args: -f .goreleaser-signing.yml check --debug
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
       -
         name: GoReleaser
         uses: ./
         with:
           version: latest
           args: -f .goreleaser-signing.yml release --skip-publish --rm-dist
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
diff --git a/.goreleaser-signing.yml b/.goreleaser-signing.yml
index 6f8091f..91995cf 100644
--- a/.goreleaser-signing.yml
+++ b/.goreleaser-signing.yml
@@ -37,4 +37,4 @@ checksum:
 signs:
   -
     artifacts: checksum
-    args: ["--batch", "-u", "27571A53B86AF0C799B38BA77D851EB72D73BDA0", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
diff --git a/README.md b/README.md
index eb38c5a..98b329a 100644
--- a/README.md
+++ b/README.md
@@ -97,6 +97,7 @@ If [signing is enabled](https://goreleaser.com/customization/#Signing) in your G
 ```yaml
       -
         name: Import GPG key
+        id: import_gpg
         uses: crazy-max/ghaction-import-gpg@v1
         env:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
@@ -109,14 +110,15 @@ If [signing is enabled](https://goreleaser.com/customization/#Signing) in your G
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
 ```
 
-And reference the userID in your signing configuration:
+And reference the fingerprint in your signing configuration using the `GPG_FINGERPRINT` environment variable:
 
 ```yaml
 signs:
   - artifacts: checksum
-    args: ["--batch", "-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
 ```
 
 ## Customizing