diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index be48a5054..7f516e6e9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -176,6 +176,16 @@ jobs:
 uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
 with:
 name: mage_bin
+ - name: GPG setup
+ if: matrix.package == 'rpm'
+ uses: kolaente/action-gpg@main
+ with:
+ gpg-passphrase: "${{ secrets.RELEASE_GPG_PASSPHRASE }}"
+ gpg-sign-key: "${{ secrets.RELEASE_GPG_SIGN_KEY }}"
+ - name: Export GPG key for nfpm
+ if: matrix.package == 'rpm'
+ run: |
+ gpg --export-secret-keys --armor 7D061A4AA61436B40713D42EFF054DACD908493A > /tmp/nfpm-signing-key.gpg
 - name: Prepare
 env:
 RELEASE_VERSION: ${{ steps.ghd.outputs.describe }}
@@ -193,6 +203,9 @@ jobs:
 packager: ${{ matrix.package }}
 target: ./dist/os-packages/vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }}
 config: ./nfpm.yaml
+ env:
+ NFPM_GPG_KEY_FILE: ${{ (matrix.package == 'rpm') && '/tmp/nfpm-signing-key.gpg' || '' }}
+ NFPM_PASSPHRASE: ${{ (matrix.package == 'rpm') && secrets.RELEASE_GPG_PASSPHRASE || '' }}
 - name: Upload
 uses: kolaente/s3-action@main
 with:
diff --git a/nfpm.yaml b/nfpm.yaml
index 13b74599e..b0cdf1b27 100644
--- a/nfpm.yaml
+++ b/nfpm.yaml
@@ -10,6 +10,9 @@ priority: "extra"
 license: "AGPLv3"
 depends:
 - systemd
+rpm:
+ signature:
+ key_file: ${NFPM_GPG_KEY_FILE}
 overrides:
 apk:
 depends:
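Review bot: In the first release.yml hunk, `uses: kolaente/action-gpg@main` in the new "GPG setup" step hands the release signing key and its passphrase to an action referenced by a mutable branch, while the `download-artifact` step just above it is pinned to a commit SHA. Pin it the same way, `uses: kolaente/action-gpg@<full-commit-sha> # <tag>`, so a later change on that branch cannot alter what runs with the key in scope. The "Export GPG key for nfpm" step then writes the armored secret key to a fixed path in `/tmp` under the default umask. Starting that script with `umask 077` would keep the file readable by the runner user only.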
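Review bot: In the second release.yml hunk, the exported key at `/tmp/nfpm-signing-key.gpg` is still on disk when the following "Upload" step runs `kolaente/s3-action@main`, which is also referenced by branch rather than commit SHA. Add a step between the two with `if: always() && matrix.package == 'rpm'` and `run: rm -f /tmp/nfpm-signing-key.gpg`, so the key is removed once packaging has finished, even when it fails. The step these `env:` lines attach to starts above the hunk, so which action receives `NFPM_PASSPHRASE` is not visible here. If it is a third-party action, it deserves the same commit pin.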
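Review bot: In nfpm.yaml, `key_file: ${NFPM_GPG_KEY_FILE}` has no comment saying where the variable comes from or what happens when it is empty, which is presumably the case for any build run outside the release workflow. A comment above `rpm:` such as `# NFPM_GPG_KEY_FILE is set by the release workflow for rpm builds; empty means no signature is applied` would document that, once the empty-value behaviour is confirmed against nfpm. If an empty value does skip signing silently, an unset variable would ship an unsigned rpm without any error. A check in the workflow that the built rpm carries a signature before upload would catch that.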