diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 940ce55a..593446bb 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -183,7 +183,7 @@ jobs:
 /tmp/flux push artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
 --path="./manifests" \
 --source="${{ github.repositoryUrl }}" \
- --revision="${{ github.ref }}/${{ github.sha }}"
+ --revision="${{ github.ref }}@sha1:${{ github.sha }}"
 /tmp/flux tag artifact oci://localhost:5000/fluxcd/flux:${{ github.sha }} \
 --tag latest
 /tmp/flux list artifacts oci://localhost:5000/fluxcd/flux
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cb719637..75cf6205 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -120,7 +120,7 @@ jobs:
 oci://ghcr.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
 --path="./flux-system" \
 --source=${{ github.repositoryUrl }} \
- --revision="${{ github.ref_name }}/${{ github.sha }}"
+ --revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
 - name: Push manifests to DockerHub
 run: |
 mkdir -p ./docker.io/flux-system
@@ -132,7 +132,7 @@ jobs:
 oci://docker.io/fluxcd/flux-manifests:${{ steps.prep.outputs.VERSION }} \
 --path="./flux-system" \
 --source=${{ github.repositoryUrl }} \
- --revision="${{ github.ref_name }}/${{ github.sha }}"
+ --revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
 - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
 - name: Sign manifests
 env:
diff --git a/action/README.md b/action/README.md
index 5301c8c1..ba094484 100644
--- a/action/README.md
+++ b/action/README.md
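Review bot: The e2e push line now embeds `${{ github.ref }}` ahead of `@sha1:`, which produces a fully qualified ref of the shape `refs/heads/<branch>@sha1:<sha>`, while the two release.yaml hunks in this same commit use `${{ github.ref_name }}` and every documented example uses `git branch --show-current` or `git tag --points-at HEAD`, i.e. the short name. If the `<ref>@sha1:<sha>` convention is meant to carry the short branch or tag name, this line should read `--revision="${{ github.ref_name }}@sha1:${{ github.sha }}"` so the e2e artifact's revision annotation has the same shape as the released ones. The run step this line belongs to starts and ends outside the hunk, so I cannot see whether anything downstream in the job parses the value.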
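Review bot: The revision string `${{ github.ref_name }}@sha1:${{ github.sha }}` is now assembled by hand in two places, this GHCR push hunk at -120 and the DockerHub push hunk at -132, and the two have to be kept in sync manually. A point of style rather than a defect: a single step-level `env` entry, `REVISION: ${{ github.ref_name }}@sha1:${{ github.sha }}`, referenced from both scripts as `--revision="$REVISION"`, would prevent drift and also keeps the expression out of the inline shell text, which is the form GitHub's own guidance prefers for `run:` steps. Both enclosing steps start outside the hunk.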
@@ -132,7 +132,7 @@ jobs: flux push artifact $OCI_REPO:$(git rev-parse --short HEAD) \ --path="./deploy" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git branch --show-current)/$(git rev-parse HEAD)" + --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" - name: Deploy manifests to staging run: | flux tag artifact $OCI_REPO:$(git rev-parse --short HEAD) --tag staging @@ -180,7 +180,7 @@ jobs: $OCI_REPO:$(git rev-parse --short HEAD) \ --path="./manifests" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git branch --show-current)/$(git rev-parse HEAD)" |\ + --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" |\ jq -r '. | .repository + "@" + .digest') cosign sign $digest_url diff --git a/cmd/flux/push_artifact.go b/cmd/flux/push_artifact.go index 6664c201..badea6a9 100644 --- a/cmd/flux/push_artifact.go +++ b/cmd/flux/push_artifact.go @@ -41,13 +41,13 @@ The command can read the credentials from '~/.docker/config.json' but they can a flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \ --path="./path/to/local/manifests" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git branch --show-current)/$(git rev-parse HEAD)" + --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" # Push and sign artifact with cosign digest_url = $(flux push artifact \ oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git branch --show-current)/$(git rev-parse HEAD)" \ + --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" \ --path="./path/to/local/manifest.yaml" \ --output json | \ jq -r '. | .repository + "@" + .digest') 
@@ -56,21 +56,21 @@ The command can read the credentials from '~/.docker/config.json' but they can a # Push manifests passed into stdin to GHCR kustomize build . | flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) -p - \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git branch --show-current)/$(git rev-parse HEAD)" + --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" # Push single manifest file to GHCR using the short Git SHA as the OCI artifact tag echo $GITHUB_PAT | docker login ghcr.io --username flux --password-stdin flux push artifact oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \ --path="./path/to/local/manifest.yaml" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git branch --show-current)/$(git rev-parse HEAD)" + --revision="$(git branch --show-current)@sha1:$(git rev-parse HEAD)" # Push manifests to Docker Hub using the Git tag as the OCI artifact tag echo $DOCKER_PAT | docker login --username flux --password-stdin flux push artifact oci://docker.io/org/app-config:$(git tag --points-at HEAD) \ --path="./path/to/local/manifests" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)" + --revision="$(git tag --points-at HEAD)@sha1:$(git rev-parse HEAD)" # Login directly to the registry provider # You might need to export the following variable if you use local config files for AWS: 
@@ -78,14 +78,14 @@ The command can read the credentials from '~/.docker/config.json' but they can a flux push artifact oci://.dkr.ecr..amazonaws.com/foo:v1:$(git tag --points-at HEAD) \ --path="./path/to/local/manifests" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)" \ + --revision="$(git tag --points-at HEAD)@sha1:$(git rev-parse HEAD)" \ --provider aws # Or pass credentials directly flux push artifact oci://docker.io/org/app-config:$(git tag --points-at HEAD) \ --path="./path/to/local/manifests" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)" \ + --revision="$(git tag --points-at HEAD)@sha1:$(git rev-parse HEAD)" \ --creds flux:$DOCKER_PAT `, RunE: pushArtifactCmdRun, @@ -112,7 +112,7 @@ func newPushArtifactFlags() pushArtifactFlags { func init() { pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.path, "path", "", "path to the directory where the Kubernetes manifests are located") pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.source, "source", "", "the source address, e.g. the Git URL") - pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.revision, "revision", "", "the source revision in the format '/'") + pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.revision, "revision", "", "the source revision in the format '@sha1:'") pushArtifactCmd.Flags().StringVar(&pushArtifactArgs.creds, "creds", "", "credentials for OCI registry in the format [:] if --provider is generic") pushArtifactCmd.Flags().Var(&pushArtifactArgs.provider, "provider", pushArtifactArgs.provider.Description()) pushArtifactCmd.Flags().StringSliceVar(&pushArtifactArgs.ignorePaths, "ignore-paths", excludeOCI, "set paths to ignore in .gitignore format") diff --git a/rfcs/0003-kubernetes-oci/README.md b/rfcs/0003-kubernetes-oci/README.md index 5622a80b..428c34ec 100644 --- a/rfcs/0003-kubernetes-oci/README.md +++ b/rfcs/0003-kubernetes-oci/README.md 
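Review bot: The updated help text on the `--revision` flag promises an `@sha1:` format, but nothing in `init()` (which starts on this hunk's first context line and ends outside it) constrains the value; as far as the hunk shows it is stored as a plain string, and the RFC changes in this commit indicate it lands verbatim in the `org.opencontainers.image.revision` annotation that downstream tooling reads. If `pushArtifactCmdRun` does not already validate it, consider rejecting a non-empty value that lacks an `<algorithm>:<digest>` component before the push, so a stale `<ref>/<sha>` value from an old pipeline is caught at the CLI rather than published. The help text should also say that the bare `sha1:<commit>` form without a ref prefix is accepted, since the RFC examples added in this commit use exactly that form. The angle-bracket placeholders in the help strings appear stripped in this rendering (`'@sha1:'`, `[:]`), presumably an extraction artifact rather than the committed text.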
@@ -47,7 +47,7 @@ and push the archive to a container registry as an OCI artifact. ```sh flux push artifact oci://docker.io/org/app-config:v1.0.0 \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git rev-parse HEAD)" \ + --revision="sha1:$(git rev-parse HEAD)" \ --path="./deploy" ``` @@ -65,7 +65,7 @@ The source and revision are added to the OCI artifact as Open Containers standar "mediaType": "application/vnd.oci.image.manifest.v1+json", "annotations": { "org.opencontainers.image.created": "2023-02-10T09:06:09Z", - "org.opencontainers.image.revision": "6ea3e5b4da159fcb4a1288f072d34c3315644bcc", + "org.opencontainers.image.revision": "sha1:6ea3e5b4da159fcb4a1288f072d34c3315644bcc", "org.opencontainers.image.source": "https://github.com/fluxcd/flux2" } } @@ -288,7 +288,7 @@ Then push the Kubernetes manifests to GHCR: ```sh flux push artifact oci://ghcr.io/org/my-app-config:v1.0.0 \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git rev-parse HEAD)"\ + --revision="sha1:$(git rev-parse HEAD)"\ --path="./deploy" ``` 
@@ -309,8 +309,8 @@ List the artifacts and their metadata with: ```console $ flux list artifacts oci://ghcr.io/org/my-app-config ARTIFACT DIGEST SOURCE REVISION -ghcr.io/org/my-app-config:latest sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git 20b3a674391df53f05e59a33554973d1cbd4d549 -ghcr.io/org/my-app-config:v1.0.0 sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git 3f45e72f0d3457e91e3c530c346d86969f9f4034 +ghcr.io/org/my-app-config:latest sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git sha1:20b3a674391df53f05e59a33554973d1cbd4d549 +ghcr.io/org/my-app-config:v1.0.0 sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git sha1:3f45e72f0d3457e91e3c530c346d86969f9f4034 ``` #### Story 2 @@ -402,7 +402,7 @@ The Flux CLI will produce OCI artifacts with the following format: ], "annotations": { "org.opencontainers.image.created": "2023-02-10T09:06:09Z", - "org.opencontainers.image.revision": "6ea3e5b4da159fcb4a1288f072d34c3315644bcc", + "org.opencontainers.image.revision": "sha1:6ea3e5b4da159fcb4a1288f072d34c3315644bcc", "org.opencontainers.image.source": "https://github.com/fluxcd/flux2" } } 
@@ -436,21 +436,21 @@ status: lastUpdateTime: "2022-06-22T09:14:21Z" metadata: org.opencontainers.image.created: "2023-02-10T09:06:09Z" - org.opencontainers.image.revision: b3b00fe35424a45d373bf4c7214178bc36fd7872 + org.opencontainers.image.revision: sha1:b3b00fe35424a45d373bf4c7214178bc36fd7872 org.opencontainers.image.source: https://github.com/stefanprodan/podinfo.git path: ocirepository/oci/podinfo/3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de.tar.gz - revision: 3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de + revision: sha256:3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de size: 1105 url: http://source-controller.flux-system.svc.cluster.local./ocirepository/oci/podinfo/3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de.tar.gz conditions: - lastTransitionTime: "2022-06-22T09:14:21Z" - message: stored artifact for revision '3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de' + message: stored artifact for revision 'sha256:3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de' observedGeneration: 1 reason: Succeeded status: "True" type: Ready - lastTransitionTime: "2022-06-22T09:14:21Z" - message: stored artifact for revision '3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de' + message: stored artifact for revision 'sha256:3b6cdcc7adcc9a84d3214ee1c029543789d90b5ae69debe9efa3f66e982875de' observedGeneration: 1 reason: Succeeded status: "True"