diff --git a/README.md b/README.md index fe283674..93333e2e 100644 --- a/README.md +++ b/README.md @@ -145,12 +145,12 @@ Typically, `path` will be a file containing the output of `tuf payload`. See also `tuf add-signatures`. -#### `tuf add-signatures --signatures ` - +#### `tuf add-signatures [--signatures ] ` Adds signatures (the output of `tuf sign-payload`) to the given role metadata file. -If the signature does not verify, it will not be added. +If the signature does not verify, it will not be added. Signature can be a json file +or passed in via `stdin`. #### `tuf status --valid-at ` diff --git a/cmd/tuf/add_signatures.go b/cmd/tuf/add_signatures.go index 65087360..3ee3e272 100644 --- a/cmd/tuf/add_signatures.go +++ b/cmd/tuf/add_signatures.go @@ -12,21 +12,34 @@ import ( func init() { register("add-signatures", cmdAddSignature, ` -usage: tuf add-signatures --signatures +usage: tuf add-signatures [--signatures ] Adds signatures (the output of "sign-payload") to the given role metadata file. If the signature does not verify, it will not be added. +Options: + --signatures= The path to the file containing the signatures to add. If not present, the contents are read from stdin `) } func cmdAddSignature(args *docopt.Args, repo *tuf.Repo) error { roleFilename := args.String[""] - f := args.String[""] - sigBytes, err := os.ReadFile(f) - if err != nil { - return err + f := args.String["--signatures"] + var sigBytes []byte + var err error + if f != "" { + sigBytes, err = os.ReadFile(f) + if err != nil { + return err + } + } else { + var input string + _, err := fmt.Scan(&input) + if err != nil { + return err + } + sigBytes = []byte(input) } sigs := []data.Signature{} if err = json.Unmarshal(sigBytes, &sigs); err != nil {
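Review bot: In the new stdin branch of `cmdAddSignature`, `fmt.Scan(&input)` reads only one whitespace-delimited token, so signature JSON that contains any space or newline (for example pretty-printed output) is truncated and then fails in `json.Unmarshal`. Reading the whole stream with `sigBytes, err = io.ReadAll(os.Stdin)` handles any valid JSON and also removes the `_, err := fmt.Scan(...)` shadowing of the outer `err`; the import block is outside this hunk, so `io` may need adding. Because these bytes are untrusted until the signatures are verified, wrapping stdin in an `io.LimitReader` with a modest cap would bound how much is buffered. The help text could also say that the command waits on stdin when `--signatures` is omitted. The function body continues past the end of the hunk.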