diff --git a/packages/core/src/env-set/oidc.ts b/packages/core/src/env-set/oidc.ts
index 54be53f82..54469c156 100644
--- a/packages/core/src/env-set/oidc.ts
+++ b/packages/core/src/env-set/oidc.ts
@@ -6,7 +6,24 @@ import inquirer from 'inquirer';
 import { noInquiry } from './parameters';
+/**
+ * Try to read private key with the following order:
+ *
+ * 1. From `process.env.OIDC_PRIVATE_KEY`.
+ * 2. Fetch path from `process.env.OIDC_PRIVATE_KEY_PATH` then read from that path.
+ *
+ * If none of above succeed, then inquire user to generate a new key if no `--no-inquiry` presents in argv.
+ *
+ * @returns The private key for OIDC provider.
+ * @throws An error when failed to read a private key.
+ */
 const readPrivateKey = async (): Promise => {
+ const privateKey = getEnv('OIDC_PRIVATE_KEY');
+
+ if (privateKey) {
+ return privateKey;
+ }
+
 const privateKeyPath = getEnv('OIDC_PRIVATE_KEY_PATH', 'oidc-private-key.pem');
 try {
@@ -19,7 +36,7 @@ const readPrivateKey = async (): Promise => {
 const answer = await inquirer.prompt({
 type: 'confirm',
 name: 'confirm',
- message: `No private key found in \`${privateKeyPath}\`, would you like to generate a new one?`,
+ message: `No private key found in env \`OIDC_PRIVATE_KEY\` nor \`${privateKeyPath}\`, would you like to generate a new one?`,
 });
 if (!answer.confirm) {
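Review bot: The new early return in the first hunk hands back `OIDC_PRIVATE_KEY` without any validation or normalisation, so a PEM whose line breaks were flattened or escaped by the deployment tooling would presumably fail later, wherever the key is parsed, rather than in `readPrivateKey`; the `@throws` line in the added doc comment does not describe this branch. A key held in the environment is also inherited by child processes and tends to appear in container inspection output and crash dumps, which the file-path option avoids. I would state both in the doc comment, e.g. `* The env value is returned as-is (not parsed or validated) and is visible to child processes; prefer OIDC_PRIVATE_KEY_PATH with an owner-only file where possible.` The env value also silently takes precedence when both variables are set, which is worth one line in the same comment. The function body continues past the end of this hunk (the `try` block is cut off), so any later parsing of the key is not visible here.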