diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
index fc6641b14e..eccb730e11 100644
--- a/.github/workflows/generator_container_slsa3.yml
+++ b/.github/workflows/generator_container_slsa3.yml
@@ -39,9 +39,9 @@ on:
 # Note: This should only be used for high entropy values such as AWS Access Key.
 # See https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#workflow-inputs for more information.
 provenance-registry-username:
- description: "Username when publishing to provenance registry (option 'provenance-registry') instead of image registry."
+ description: "Username when publishing to provenance repository (option 'provenance-repository') instead of image repository."
 provenance-registry-password:
- description: "Password when publishing to provenance registry instead of image registry."
+ description: "Password when publishing to provenance repository instead of image repository."
 inputs:
 image:
 description: "The OCI image name. This must not include a tag or digest."
@@ -80,10 +80,10 @@ on:
 type: string
 default: ""
 provenance-registry-username:
- description: "Username when publishing to provenance registry (option 'provenance-registry') instead of image registry."
+ description: "Username when publishing to provenance registry (option 'provenance-repository') instead of image repository."
 required: false
 type: string
- provenance-registry:
+ provenance-repository:
 description: "If set, provenance is pushed to this registry instead of image registry."
 required: false
 type: string
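Review bot: The renamed `provenance-repository` input in the second hunk keeps its old description, `"If set, provenance is pushed to this registry instead of image registry."`, and the `provenance-registry-username` description just above it now mixes "provenance registry" with "image repository". The value is later exported as `COSIGN_REPOSITORY` and only its first path segment is used as the login domain, so the text should say it is a repository: `description: "If set, provenance is pushed to this repository instead of the image repository."`. Renaming a `workflow_call` input also breaks callers that still pass `provenance-registry`, so the rename should be called out in the release notes or the old name kept as a deprecated alias for one release.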
@@ -220,12 +220,12 @@ jobs:
 id: provenance-registry-login
 continue-on-error: true
 env:
- UNTRUSTED_PROVENANCE_REGISTRY: "${{ inputs.provenance-registry }}"
+ UNTRUSTED_PROVENANCE_REPOSITORY: "${{ inputs.provenance-repository }}"
 UNTRUSTED_INPUT_PROVENANCE_USERNAME: "${{ inputs.provenance-registry-username }}"
 UNTRUSTED_SECRET_PROVENANCE_USERNAME: "${{ secrets.provenance-registry-username }}"
 UNTRUSTED_PROVENANCE_PASSWORD: "${{ secrets.provenance-registry-password }}"
 GCP_ACCESS_TOKEN: "${{ steps.auth.outputs.access_token }}"
- if: ${{ env.UNTRUSTED_PROVENANCE_REGISTRY != '' }}
+ if: ${{ env.UNTRUSTED_PROVENANCE_REPOSITORY != '' }}
 run: |
 set -euo pipefail
@@ -235,7 +235,7 @@ jobs:
 # See: https://stackoverflow.com/questions/37861791/how-are-docker-image-names-parsed#37867949
 untrusted_provenance_domain="docker.io"
- maybe_provenance_domain=$(echo "${UNTRUSTED_PROVENANCE_REGISTRY}" | cut -f1 -d "/" | { grep -E "\.|:" || true; })
+ maybe_provenance_domain=$(echo "${UNTRUSTED_PROVENANCE_REPOSITORY}" | cut -f1 -d "/" | { grep -E "\.|:" || true; })
 if [ "${maybe_provenance_domain}" != "" ]; then
 untrusted_provenance_domain="${maybe_provenance_domain}"
 fi
@@ -266,7 +266,7 @@ jobs:
 UNTRUSTED_IMAGE: "${{ inputs.image }}"
 UNTRUSTED_DIGEST: "${{ inputs.digest }}"
 GITHUB_CONTEXT: "${{ toJSON(github) }}"
- UNTRUSTED_PROVENANCE_REGISTRY: "${{ inputs.provenance-registry }}"
+ UNTRUSTED_PROVENANCE_REPOSITORY: "${{ inputs.provenance-repository }}"
 run: |
 set -euo pipefail
@@ -274,8 +274,8 @@ jobs:
 predicate_name="predicate.json"
 "$GITHUB_WORKSPACE/$BUILDER_BINARY" generate --predicate="$predicate_name"
- if [[ -n "${UNTRUSTED_PROVENANCE_REGISTRY}" ]]; then
- export COSIGN_REPOSITORY="${UNTRUSTED_PROVENANCE_REGISTRY}"
+ if [[ -n "${UNTRUSTED_PROVENANCE_REPOSITORY}" ]]; then
+ export COSIGN_REPOSITORY="${UNTRUSTED_PROVENANCE_REPOSITORY}"
 fi
 COSIGN_EXPERIMENTAL=1 \
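Review bot: In the `@@ -235,7` hunk, `echo "${UNTRUSTED_PROVENANCE_REPOSITORY}"` hands a caller-controlled string to echo as its first argument, so a value that is exactly an echo option such as `-n` or `-e` is consumed rather than printed. The pipeline then yields an empty domain and the step falls back to `docker.io` with no error. For untrusted values the usual form is `printf '%s\n' "${UNTRUSTED_PROVENANCE_REPOSITORY}" | cut -f1 -d "/" | { grep -E "\.|:" || true; }`. The step's script starts and ends outside this hunk.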
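Review bot: In the `@@ -274,8` hunk, the branch that exports `COSIGN_REPOSITORY` has no comment saying what it changes about where the attestation is stored or how it is later verified. I would add above the `if`: `# Store the attestation in the caller-supplied repository instead of next to the image; verification must use the same COSIGN_REPOSITORY.` The value is caller-controlled and exported without any format check, so a malformed repository presumably only surfaces as a cosign error further down. The step continues past the end of the hunk (`COSIGN_EXPERIMENTAL=1 \`).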