diff --git a/README.md b/README.md
index 8a470a2..1efdfca 100644
--- a/README.md
+++ b/README.md
@@ -105,6 +105,7 @@ The following environment variables represent the configuration of the actual Sh
 | `PERMISSIONS_FILE_ORG` | ✔️ | The name of the GitHub org where you put the `.permissions` repository | |
 | `PERMISSIONS_FILE_REPO` | | Override the default repo to look for `config.yaml` | `.permissions` |
 | `PERMISSIONS_FILE_PATH` | | Override the default filepath to look for the Sheriff config | `config.yaml` |
+| `PERMISSIONS_FILE_REF` | | Override the default repo branch to look for the Sheriff config | `main` |
 | `GITHUB_WEBHOOK_SECRET` | ✔️ | The secret for the org-wide webhook you configured earlier | |
 | `SLACK_TOKEN` | ✔️ | The token for your Slack App you created earlier | |
 | `SLACK_WEBHOOK_URL` | ✔️ | The webhook URL for your Slack App you created earlier | |
diff --git a/src/constants.ts b/src/constants.ts
index 483209e..464791b 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -4,6 +4,7 @@ export const GITHUB_WEBHOOK_SECRET = process.env.GITHUB_WEBHOOK_SECRET || 'devel
 export const PERMISSIONS_FILE_ORG = process.env.PERMISSIONS_FILE_ORG!;
 export const PERMISSIONS_FILE_REPO = process.env.PERMISSIONS_FILE_REPO || '.permissions';
 export const PERMISSIONS_FILE_PATH = process.env.PERMISSIONS_FILE_PATH || 'config.yaml';
+export const PERMISSIONS_FILE_REF = process.env.PERMISSIONS_FILE_REF || 'main';
 
 export const SHERIFF_IMPORTANT_BRANCH = process.env.SHERIFF_IMPORTANT_BRANCH;
 
diff --git a/src/permissions/run.ts b/src/permissions/run.ts
index a03173f..a2fef76 100644
--- a/src/permissions/run.ts
+++ b/src/permissions/run.ts
@@ -10,7 +10,12 @@ import { memoize, IS_DRY_RUN } from '../helpers';
 import { GetResponseDataTypeFromEndpointMethod } from '@octokit/types';
 import { MessageBuilder } from '../MessageBuilder';
 import { plugins } from './plugins';
-import { PERMISSIONS_FILE_ORG, PERMISSIONS_FILE_PATH, PERMISSIONS_FILE_REPO } from '../constants';
+import {
+  PERMISSIONS_FILE_ORG,
+  PERMISSIONS_FILE_PATH,
+  PERMISSIONS_FILE_REPO,
+  PERMISSIONS_FILE_REF,
+} from '../constants';
 import {
   PermissionsConfig,
   RepoSettings,
@@ -40,6 +45,7 @@ const loadCurrentConfig = async () => {
     owner: PERMISSIONS_FILE_ORG,
     repo: PERMISSIONS_FILE_REPO,
     path: PERMISSIONS_FILE_PATH,
+    ref: PERMISSIONS_FILE_REF,
   });
   if (Array.isArray(contents.data)) throw new Error('Invalid config file');