diff --git a/README.md b/README.md
index d6fb499..529330d 100644
--- a/README.md
+++ b/README.md
@@ -120,9 +120,16 @@ A repo my have its own `.gitdeploy/deploy.sh` at its root, but by default these
 You can set `--trust-repos` (or `TRUST_REPOS`) to allow deploy scripts to be run directly
 from a repository.
 
+- matches are case-insensitive (`foo` matches `Foo`)
+- a wildcard `*` may be used (at the end of a string) to define a prefix
+- the list may be space `' '` or comman `,` delimited
+
 ```bash
 # trust a few repos to run their own deploy scripts
-gitdeploy run --listen :3000 --trust-repos 'github.com/org/one,github.com/org/two'
+gitdeploy run --listen :3000 --trust-repos 'github.com/org/one github.com/org/two'
+
+# trust an organization
+gitdeploy run --listen :3000 --trust-repos 'github.com/org/*'
 
 # trust all repos
 gitdeploy run --listen :3000 --trust-repos '*'
diff --git a/main.go b/main.go
index 3c00860..f587a87 100644
--- a/main.go
+++ b/main.go
@@ -169,6 +169,7 @@ func main() {
 		if len(runOpts.RepoList) > 0 {
 			runOpts.RepoList = strings.ReplaceAll(runOpts.RepoList, ",", " ")
 			runOpts.RepoList = strings.ReplaceAll(runOpts.RepoList, "  ", " ")
+			runOpts.RepoList = strings.ToLower(runOpts.RepoList)
 		}
 		if 0 == len(promotionList) {
 			promotionList = os.Getenv("PROMOTIONS")
@@ -314,9 +315,7 @@ func serve() {
 		r.Get("/repos", func(w http.ResponseWriter, r *http.Request) {
 			repos := []Repo{}
 
-			for _, id := range strings.Fields(
-				strings.ReplaceAll(runOpts.RepoList, ",", " "),
-			) {
+			for _, id := range strings.Fields(runOpts.RepoList) {
 				repos = append(repos, Repo{
 					ID:         id,
 					CloneURL:   fmt.Sprintf("https://%s.git", id),
@@ -509,7 +508,20 @@ func runHook(hook webhooks.Ref) {
 		"GIT_CLONE_URL=" + hook.HTTPSURL,
 	}
 	for _, repo := range strings.Fields(runOpts.RepoList) {
-		if "*" == repo || repo == repoID {
+		last := len(repo) - 1
+		if len(repo) < 0 {
+			continue
+		}
+		repoID = strings.ToLower(repoID)
+		if '*' == repo[last] {
+			// Wildcard match a prefix, for example:
+			// github.com/whatever/*					MATCHES github.com/whatever/foo
+			// github.com/whatever/ProjectX-* MATCHES github.com/whatever/ProjectX-Foo
+			if strings.HasPrefix(repoID, repo[:last]) {
+				envs = append(envs, "GIT_REPO_TRUSTED=true")
+				break
+			}
+		} else if repo == repoID {
 			envs = append(envs, "GIT_REPO_TRUSTED=true")
 			break
 		}