diff --git a/.github/workflows/flake-update.yaml b/.github/workflows/flake-update.yaml
index 2540b57..dc82e08 100644
--- a/.github/workflows/flake-update.yaml
+++ b/.github/workflows/flake-update.yaml
@@ -18,9 +18,18 @@ jobs:
           ref: master
       - uses: cachix/install-nix-action@v27
       - name: configure git
+        env:
+          SSH_PRIVKEY: ${{ secrets.BOT_SSH_PRIVKEY }}
+          SSH_PUBKEY: ${{ secrets.BOT_SSH_PUBKEY }}
         run: |
+          echo "$SSH_PRIVKEY" > "$RUNNER_TEMP/id_ed25519"
+          echo "$SSH_PUBKEY" > "$RUNNER_TEMP/id_ed25519.pub"
+          chmod -R 0600 "$RUNNER_TEMP/id_ed25519.pub" "$RUNNER_TEMP/id_ed25519"
           git config --global user.name 'torjus-bot'
           git config --global user.email 'torjus-bot@git.t-juice.club'
+          git config --global user.signingKey "$RUNNER_TEMP/id_ed25519.pub"
+          git config --global gpg.format ssh
+          git config --global commit.gpgsign true
       - name: flake update
         run: nix flake update --commit-lock-file
       - name: push