diff --git a/terraform/gcp/modules/rekor/outputs.tf b/terraform/gcp/modules/rekor/outputs.tf
new file mode 100644
index 000000000..25ecf07da
--- /dev/null
+++ b/terraform/gcp/modules/rekor/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2023 The Sigstore Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "new_entry_pubsub_topic_url" {
+description = "URL for the new entry PubSub topic for use with the \"rekor_server.new_entry_publisher\" flag."
+value = "gcppubsub://projects/${var.project_id}/topics/${google_pubsub_topic.new_entry.name}"
+}
diff --git a/terraform/gcp/modules/rekor/pubsub.tf b/terraform/gcp/modules/rekor/pubsub.tf
new file mode 100644
index 000000000..ef588c739
--- /dev/null
+++ b/terraform/gcp/modules/rekor/pubsub.tf
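Review bot: The output builds the topic URL from `var.project_id`, while the `google_pubsub_topic_iam_policy` block in pubsub.tf takes the project from `google_pubsub_topic.new_entry.project`; deriving both parts from the topic resource keeps the exported URL tied to the topic that was actually created, e.g. `value = "gcppubsub://projects/${google_pubsub_topic.new_entry.project}/topics/${google_pubsub_topic.new_entry.name}"`. The description refers to a `rekor_server.new_entry_publisher` flag that is not part of this diff, so its name cannot be checked here.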
@@ -0,0 +1,45 @@
+/**
+ * Copyright 2023 The Sigstore Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_project_iam_custom_role" "pubsub_publisher" {
+project = var.project_id
+role_id = "rekorPubsubPublisher"
+title = "Rekor PubSub Publisher"
+description = "Able to inspect a topic and publish messages to it."
+permissions = ["pubsub.topics.get", "pubsub.topics.publish"]
+}
+
+resource "google_pubsub_topic" "new_entry" {
+name = var.new_entry_pubsub_topic
+project = var.project_id
+}
+
+data "google_iam_policy" "new_entry_topic" {
+binding {
+role = google_project_iam_custom_role.pubsub_publisher.id
+members = ["serviceAccount:${google_service_account.rekor-sa.email}"]
+}
+binding {
+role = "roles/pubsub.subscriber"
+members = var.new_entry_pubsub_consumers
+}
+}
+
+resource "google_pubsub_topic_iam_policy" "new_entry" {
+project = google_pubsub_topic.new_entry.project
+topic = google_pubsub_topic.new_entry.name
+policy_data = data.google_iam_policy.new_entry_topic
+}
diff --git a/terraform/gcp/modules/rekor/variables.tf b/terraform/gcp/modules/rekor/variables.tf
index e628c8fe3..6d3595f3c 100644
--- a/terraform/gcp/modules/rekor/variables.tf
+++ b/terraform/gcp/modules/rekor/variables.tf
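Review bot: `policy_data = data.google_iam_policy.new_entry_topic` in the `google_pubsub_topic_iam_policy` block assigns the whole data source object to a string attribute; the rendered policy is the data source's `policy_data` attribute, so the line should read `policy_data = data.google_iam_policy.new_entry_topic.policy_data`, otherwise plan fails with a type mismatch. It is also worth a comment that `google_pubsub_topic_iam_policy` is authoritative, since any binding added to the topic outside this module is removed on the next apply, e.g. `# Authoritative: replaces every existing IAM binding on the topic.` The custom role limited to `pubsub.topics.get` and `pubsub.topics.publish` is a good least-privilege choice for the publisher. `google_service_account.rekor-sa` is referenced but not defined in this diff; presumably it lives elsewhere in the module.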
@@ -120,3 +120,15 @@ variable "gcp_lb_traffic_weight" {
 type = number
 default = 0
 }
+
+variable "new_entry_pubsub_topic" {
+description = "name of the pubsub topic for new entries added to rekor"
+type = string
+default = "new-entry"
+}
+
+variable "new_entry_pubsub_consumers" {
+description = "IAM members that can consume messages from the topic"
+type = list(string)
+default = ["allAuthenticatedUsers"]
+}
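Review bot: The default `["allAuthenticatedUsers"]` for `new_entry_pubsub_consumers`, bound to `roles/pubsub.subscriber` on the topic in pubsub.tf, means that by default any Google-authenticated identity can attach a subscription and receive every new-entry notification. If that openness is intended because the log's entries are public, the description should state it so operators do not have to discover it from the policy; otherwise the safer default is `default = []`, with deployments that want a public feed opting in explicitly. The variable description should also spell out that members must be given in IAM member syntax (`serviceAccount:`, `group:`, etc.), since the value is passed straight into the binding.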