diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index f041857..31a5b75 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -38,9 +38,9 @@ jobs:
 secrets: |
 kv/data/ci/nexus username | MAVEN_USERNAME ;
 kv/data/ci/nexus password | MAVEN_CENTRAL_TOKEN ;
- kv/data/ci/renovatebot gpgPrivateKey | RENOVATE_GIT_PRIVATE_KEY ;
- kv/data/ci/renovatebot gpgPublicKey | RENOVATE_GIT_PUBLIC_KEY ;
- kv/data/ci/renovatebot gpgPassphrase | RENOVATE_GIT_PASSPHRASE ;
+ kv/data/ci/renovatebot gpgPrivateKey | RENOVATE_GPG_PRIVATE_KEY ;
+ kv/data/ci/renovatebot gpgPublicKey | RENOVATE_GPG_PUBLIC_KEY ;
+ kv/data/ci/renovatebot gpgPassphrase | RENOVATE_GPG_PASSPHRASE ;
 kv/data/ci/renovatebot ciToken | RENOVATE_TOKEN ;
 kv/data/ci/renovatebot githubToken | GITHUB_COM_TOKEN :
 - name: Load renovate repo cache
@@ -53,6 +53,22 @@ jobs:
 key: repo-cache-${{ github.run_id }}
 restore-keys: |
 repo-cache-
+ - name: "Import Commit Signing GPG key"
+ id: "import-gpg"
+ uses: "https://github.com/crazy-max/ghaction-import-gpg@v6"
+ with:
+ gpg_private_key: "${{ env.RENOVATE_GPG_SECRET_KEY }}"
+ passphrase: "${{ env.RENOVATE_GPG_PASSPHRASE }}"
+ git_user_signingkey: true
+ git_commit_gpgsign: true
+
+ - name: "GPG user IDs"
+ shell: "bash"
+ run: |
+ echo "fingerprint: ${{ steps.import-gpg.outputs.fingerprint }}"
+ echo "keyid: ${{ steps.import-gpg.outputs.keyid }}"
+ echo "name: ${{ steps.import-gpg.outputs.name }}"
+ echo "email: ${{ steps.import-gpg.outputs.email }}"
 - name: Run renovate
 run: renovate
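Review bot: The import step reads `${{ env.RENOVATE_GPG_SECRET_KEY }}`, but the secrets mapping in the first hunk exports the key as `RENOVATE_GPG_PRIVATE_KEY`. Unless that other name is defined in a part of the workflow not visible here, `gpg_private_key` would expand to an empty string and no signing key would be imported; the line should read `gpg_private_key: "${{ env.RENOVATE_GPG_PRIVATE_KEY }}"`. The action that receives the private key and passphrase is referenced by the movable tag `@v6`; pinning it to a full commit SHA (`@<commit-sha> # v6`, placeholder) keeps a retagged release from running with those secrets. In the "GPG user IDs" step the `steps.import-gpg.outputs.*` values are expanded into the script text before bash runs, so passing them through an `env:` map and echoing the quoted shell variables would be the safer form. The "Run renovate" step continues outside the hunk.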