diff --git a/.gitignore b/.gitignore
index 358efd4..1d6861a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
-# Private signing key
+# User-specific configuration and signing key
+config.sh
 *.pkcs12
 
 # Generated by build scripts
diff --git a/build-release.sh b/build-release.sh
index e500d6b..98cfa28 100755
--- a/build-release.sh
+++ b/build-release.sh
@@ -9,8 +9,21 @@ if [ -z $1 ]; then
   exit 1
 fi
 
+# For signing keystore and password.
+source ./config.sh
+
+can_sign=0
+if [ ! -z "${SIGN_KEYSTORE}" ] && [ ! -z "${SIGN_PASSWORD}" ]; then
+  can_sign=1
+else
+  echo "Disabling binary signing as config.sh does not define the required data."
+fi
+
 function sign {
-  ./osslsigncode -pkcs12 REDACTED.pkcs12 -pass "REDACTED" -n "Godot Game Engine" -i "https://godotengine.org" -t http://timestamp.comodoca.com -in $1 -out $1-signed
+  if [ $can_sign == 0 ]; then
+    return
+  fi
+  ./osslsigncode -pkcs12 ${SIGN_KEYSTORE} -pass "${SIGN_PASSWORD}" -n "${SIGN_NAME}" -i "${SIGN_URL}" -t http://timestamp.comodoca.com -in $1 -out $1-signed
   mv $1-signed $1
 }
 
diff --git a/build.sh b/build.sh
index 3bd03f4..4b3aa98 100755
--- a/build.sh
+++ b/build.sh
@@ -4,7 +4,14 @@ set -e
 
 OPTIND=1
 
-registry="registry.prehensile-tales.com"
+# For default registry.
+if [ ! -e config.sh ]; then
+  echo "No config.sh, copying default values from config.sh.in."
+  cp config.sh.in config.sh
+fi
+source ./config.sh
+
+registry="${REGISTRY}"
 username=""
 password=""
 godot_version=""
diff --git a/config.sh.in b/config.sh.in
new file mode 100644
index 0000000..a4bfe8d
--- /dev/null
+++ b/config.sh.in
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Configuration file for user-specific details.
+# This file is gitignore'd and will be sourced by build scripts.
+
+# Registry for build containers.
+# The default registry is the one used for official Godot builds.
+# Note that some of its images are private and only accessible to selected
+# contributors.
+# You can build your own registry with scripts at
+# https://github.com/godotengine/build-containers
+export REGISTRY="registry.prehensile-tales.com"
+
+# Set up your own signing keystore and relevant details below.
+# If you do not fill all SIGN_* fields, signing will be skipped.
+
+# Path to pkcs12 archive.
+export SIGN_KEYSTORE=""
+
+# Password for the private key.
+export SIGN_PASSWORD=""
+
+# Name and URL of the signed application.
+# Use your own when making a thirdparty build.
+export SIGN_NAME=""
+export SIGN_URL=""