diff --git a/README.md b/README.md
index ba00b6a..591e942 100644
--- a/README.md
+++ b/README.md
@@ -204,6 +204,18 @@ differences:
tls_cert
(Optional):
TLS certificate for the notary server.
+
+ username
(Optional):
+ Username for authorize Docker Registry with a Notary server(`content_trust.server`) attached.
+
+
+ password
(Optional):
+ Password for authorize Docker Registry with a Notary server(`content_trust.server`) attached.
+
+
+ scopes
(Optional):
+ What access for the resources requested, should be one of ['pull', 'push,pull', 'catalog']
+
diff --git a/commands/out.go b/commands/out.go
index 1f87ea3..04ce108 100644
--- a/commands/out.go
+++ b/commands/out.go
@@ -232,7 +232,7 @@ func signImages(req resource.OutRequest, img v1.Image, tags []name.Tag) error {
}
for _, tag := range tags {
- trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, createAuth(req))
+ trustedRepo, err := gcr.NewTrustedGcrRepository(notaryConfigDir, tag, createRegistryAuth(req), createNotaryAuth(req))
if err != nil {
return fmt.Errorf("create TrustedGcrRepository: %w", err)
}
@@ -250,7 +250,21 @@ func signImages(req resource.OutRequest, img v1.Image, tags []name.Tag) error {
// It's okay if both are blank. It will become an Anonymous Authenticator in
// that case.
-func createAuth(req resource.OutRequest) *authn.Basic {
+func createRegistryAuth(req resource.OutRequest) *authn.Basic {
+ return &authn.Basic{
+ Username: req.Source.Username,
+ Password: req.Source.Password,
+ }
+}
+
+func createNotaryAuth(req resource.OutRequest) *authn.Basic {
+ if req.Source.ContentTrust.Username != "" || req.Source.ContentTrust.Password != "" {
+ return &authn.Basic{
+ Username: req.Source.ContentTrust.Username,
+ Password: req.Source.ContentTrust.Password,
+ }
+ }
+ // keep compatibility, fallback to using source.username & source.password
return &authn.Basic{
Username: req.Source.Username,
Password: req.Source.Password,
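Review bot: `createNotaryAuth` has no doc comment, and its fallback branch presents the registry's `source.username`/`source.password` to the notary server, which may be a different host under different control. That trade-off should be stated where the function is defined, for example `// createNotaryAuth returns content_trust credentials when either is set; otherwise it falls back to the registry credentials, which are then sent to content_trust.server.` Because the guard uses `||`, setting only one of `content_trust.username` or `content_trust.password` produces a `Basic` with one blank field rather than the fallback. If that is intended, the comment should say so; if not, the half-set pair is better rejected earlier, when the source config is validated. The existing "It's okay if both are blank" comment now sits above `createRegistryAuth` only, and the end of the function body is outside this hunk.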
diff --git a/go.mod b/go.mod
index e35f69c..4086035 100644
--- a/go.mod
+++ b/go.mod
@@ -11,11 +11,9 @@ require (
github.com/google/go-containerregistry v0.8.0
github.com/onsi/ginkgo v1.16.4
github.com/onsi/gomega v1.19.0
- github.com/simonshyu/notary-gcr v0.0.0-20211109021545-380a129b0e83
+ github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b
github.com/sirupsen/logrus v1.8.1
github.com/vbauerster/mpb v3.4.0+incompatible
)
-replace github.com/simonshyu/notary-gcr => github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2
-
go 1.16
diff --git a/go.sum b/go.sum
index 3e03267..886ec99 100644
--- a/go.sum
+++ b/go.sum
@@ -773,6 +773,8 @@ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdh
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b h1:kUn9MHeKTptaFJSGHpWj+f0+ckEQPBPDw70qom6kvEs=
+github.com/simonshyu/notary-gcr v0.0.0-20220601090547-d99a631aa58b/go.mod h1:Dw2ChFJTfDnT2+3+sTv0XKsRPmqwsUk54m49WVBew0w=
github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -857,8 +859,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2 h1:TizTPADAcLkNjUd1PcnU4QQQ1sHiKVmIFva2/AfVSd0=
-github.com/xtremerui/notary-gcr v0.0.0-20220307174448-84487b5997d2/go.mod h1:Dw2ChFJTfDnT2+3+sTv0XKsRPmqwsUk54m49WVBew0w=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
diff --git a/types.go b/types.go
index c8f6f65..eaac9e2 100644
--- a/types.go
+++ b/types.go
@@ -205,6 +205,9 @@ type ContentTrust struct {
RepositoryPassphrase string `json:"repository_passphrase"`
TLSKey string `json:"tls_key"`
TLSCert string `json:"tls_cert"`
+ Scopes string `json:"scopes,omitempty"`
+
+ BasicCredentials
}
/* Create notary config directory with following structure
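Review bot: `Scopes` is a free-form string, and the later hunk in `PrepareConfigDir` copies any non-empty value straight into `configObj["scopes"]`, although the README limits it to 'pull', 'push,pull' or 'catalog'. A typo or an unexpected scope would then surface only as an authorization failure at signing time, or would request access other than what the operator meant. I would check the value against the `transport` scope constants before writing the config and return an error naming the bad value. The field also needs a comment such as `// Scopes is the access requested for the notary-attached registry; empty defaults to transport.PushScope.` The embedded `BasicCredentials` is declared outside this hunk; presumably its JSON tags are `username` and `password`, so the new keys nest under `content_trust`, which is worth confirming.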
@@ -227,6 +230,11 @@ func (ct *ContentTrust) PrepareConfigDir() (string, error) {
configObj["server_url"] = ct.Server
configObj["root_passphrase"] = ""
configObj["repository_passphrase"] = ct.RepositoryPassphrase
+ if ct.Scopes == "" {
+ configObj["scopes"] = transport.PushScope
+ } else {
+ configObj["scopes"] = ct.Scopes
+ }
configData, err := json.Marshal(configObj)
if err != nil {