diff --git a/docs/security.md b/docs/security.md index c0bf38b3..5198bd45 100644 --- a/docs/security.md +++ b/docs/security.md @@ -15,13 +15,14 @@ This document should cover the current status of security measurements. # Helm Chart Trust Chain -Helm charts are signed and validated against GPG keys which could be found in `helmfile/files/gpg-pubkeys`. +Helm charts are signed and validated against GPG keys which can be found in `helmfile/files/gpg-pubkeys`. -All charts except these are verifiable: +For more details on Chart validation please visit: https://helm.sh/docs/topics/provenance/ + +All charts except the ones mentioned below are verifiable: | Repository | Verifiable | |-------------------|:----------:| -| collabora-repo | no | | open-xchange-repo | no | # Kubernetes Security Enforcements diff --git a/helmfile/apps/collabora/helmfile.yaml b/helmfile/apps/collabora/helmfile.yaml index 4f299eab..4ed5de46 100644 --- a/helmfile/apps/collabora/helmfile.yaml +++ b/helmfile/apps/collabora/helmfile.yaml @@ -8,6 +8,8 @@ repositories: # Collabora Online # Source: https://github.com/CollaboraOnline/online - name: "collabora-online-repo" + keyring: "../../files/gpg-pubkeys/collaboraoffice-com.gpg" + verify: {{ .Values.charts.collabora.verify }} username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} oci: true diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 6318c09d..80fe8dff 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -47,6 +47,7 @@ charts: repository: "bmi/opendesk/components/supplier/collabora/charts-mirror" name: "collabora-online" version: "1.1.11" + verify: true # @supplier: "Collabora" # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFrom: ['1', '1', '8'] diff --git a/helmfile/files/gpg-pubkeys/README.md b/helmfile/files/gpg-pubkeys/README.md new file mode 100644 index 00000000..9db7de7c 
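Review bot: `verify: {{ .Values.charts.collabora.verify }}` is rendered unquoted, so in any environment whose values do not define `charts.collabora.verify` the line becomes `verify:` (null) and helmfile silently falls back to not verifying, which makes the newly added `keyring` a no-op there; only `helmfile/environments/default/charts.yaml` sets it in this commit. Failing the render is safer than defaulting off, e.g. `verify: {{ .Values.charts.collabora.verify | required "charts.collabora.verify must be set" }}` (helmfile exposes `required` alongside the sprig functions; `default true` would not work because it also overrides an explicit `false`). The repository is pulled with `oci: true`, and whether helm's provenance check is applied to OCI-pulled charts depends on the helm version in use, so a CI check that a chart with a missing or mismatching `.prov` is rejected would confirm the control actually bites. The `keyring` path is relative; presumably helmfile resolves it against this helmfile's directory — worth confirming since a wrong path also surfaces only as a verification failure at deploy time.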
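Review bot: `verify: true` under the collabora-online chart is the single switch that turns the GPG provenance check on (the app helmfile templates it into the repository's `verify` field), but nothing near the line says so, and the neighbouring `# @supplier` / `# @mirrorFilter` annotations make it easy to treat it as just another mirror attribute. Add a comment above it such as `# Enforce Helm provenance (GPG) verification of the pulled chart; keyring is referenced in helmfile/apps/collabora/helmfile.yaml`. Other chart stanzas in this file have no `verify` key, so anyone copying this stanza should also know the key only has effect where the app helmfile consumes it.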
--- /dev/null
+++ b/helmfile/files/gpg-pubkeys/README.md
@@ -0,0 +1,6 @@
+# GPG public keys
+
+Place GPG public keys in binary format into this directory and reference them in the respective `helmfile.yaml`.
+
+In case you have only an ASCII Armored file you can just base64 decode the payload of that file, but remember to
+**not include** the 4-letter checksum that is prefixed with an `=` sign at the end of the payload.
diff --git a/helmfile/files/gpg-pubkeys/collaboraoffice-com.gpg b/helmfile/files/gpg-pubkeys/collaboraoffice-com.gpg
new file mode 100644
index 00000000..84bd41dc
Binary files /dev/null and b/helmfile/files/gpg-pubkeys/collaboraoffice-com.gpg differ