diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index f7ce9f003..28ff33985 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -15,6 +15,7 @@ iset_suffixes:
 gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture | default("unknown architecture")] }}"
 gitea_download_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_iset_suffix }}"
+gitea_integrity_url: "{{ gitea_download_url }}.asc"
 # Information needed to run Gitea
 gitea_user: gitea
diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml
index 8c0a130aa..c5ee4be1a 100644
--- a/roles/gitea/tasks/install.yml
+++ b/roles/gitea/tasks/install.yml
@@ -7,6 +7,21 @@
 - install
 when: internet_available
+- name: Download Gitea GPG signature
+ get_url:
+ url: "{{ gitea_integrity_url }}"
+ dest: "{{ gitea_install_path }}.asc"
+ tags:
+ - install
+ when: internet_available
+
+- name: Verify Gitea binary with GPG signature
+ shell: |
+ gpg --keyserver pgp.mit.edu --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
+ gpg --verify {{ gitea_install_path }}.asc {{ gitea_install_path }}
+ tags:
+ - install
+
 - name: Create 'gitea' service
 template:
 src: gitea.service.j2
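Review bot: The signing-key fingerprint that gives `gitea_integrity_url` its value is not defined here beside it; it is hard-coded in the verify task in tasks/install.yml. Because the `.asc` file is served from the same host as the binary, the pinned key is the only independent trust anchor, so it deserves to be a documented default next to the URL, for example `gitea_gpg_key_fingerprint: "7C9E68152594688862D62AF62D9AE806EC1592E2"` (variable name is a suggestion). A one-line comment such as `# Detached signature for the release binary; checked against the pinned key in tasks/install.yml` would tell anyone overriding `gitea_download_url` that the signature URL and key must still match.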
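Review bot: The "Verify Gitea binary with GPG signature" task runs `gpg --verify` against the default keyring, so a good signature from any key already present there passes and nothing ties the result to the fingerprint fetched on the line above. Running both commands in a throwaway `GNUPGHOME` that holds only that key makes the pin effective. The task also lacks the `when: internet_available` guard that the download task carries, so an offline run would still reach `gpg --recv` and a missing `.asc` file. Adding `changed_when: false` stops the check reporting a change on every run, and quoting the templated paths keeps the command intact if `gitea_install_path` contains spaces. The binary download task is outside this hunk; if it writes directly to `gitea_install_path`, a failed verification leaves the unverified file in place, so downloading to a staging path and moving it after verification is worth considering.

```yaml
- name: Verify Gitea binary with GPG signature
  shell: |
    set -eu
    GNUPGHOME="$(mktemp -d)"
    export GNUPGHOME
    trap 'rm -rf "$GNUPGHOME"' EXIT
    gpg --batch --keyserver pgp.mit.edu --recv-keys 7C9E68152594688862D62AF62D9AE806EC1592E2
    gpg --batch --verify "{{ gitea_install_path }}.asc" "{{ gitea_install_path }}"
  changed_when: false
  when: internet_available
  # … unchanged: tags …
```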