diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index bef70c68da14f6a604039b8c7e96fa1a457b39b3..1ee5c542a11937649e2a20a9e23b652cb631dbb0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -544,16 +544,16 @@ release-helm:
     - "docker logout ${CI_REGISTRY2_URL}"
     - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin ${CI_REGISTRY2_URL}"
     - "mkdir -p ~/.gnupg"
-    - echo "$CI_GPG_KEYRING" | base64 -d > ~/.gnupg/secring.gpg
-    - echo "$CI_GPG_KEYRING2" | base64 -d > ~/.gnupg/pubring.gpg
+    - echo "$CI_GPG_KEYRING" | base64 -d > ./secring.gpg
+    - echo "$CI_GPG_KEYRING2" | base64 -d > ./pubring.gpg
     - helm registry login --username "${CI_REGISTRY_USER}" --password "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY_URL}"
     - helm registry login --username "${CI_REGISTRY2_USER}" --password "${CI_REGISTRY2_PASSWORD}" "${CI_REGISTRY2_URL}"
     - make build-helm
-    - "helm package ./helm/dbrepo --sign --key 'Martin Weise' --keyring ~/.gnupg/secring.gpg --destination ./build"
+    - "helm package ./helm/dbrepo --sign --key 'Martin Weise' --keyring ./secring.gpg --destination ./build"
     - "helm plugin install https://github.com/sigstore/helm-sigstore"
   script:
     - "helm push ./build/dbrepo-${CHART_VERSION}.tgz oci://${CI_REGISTRY2_URL}/helm"
-    - "helm sigstore upload ./build/dbrepo-${CHART_VERSION}.tgz"
+    - "helm sigstore upload --keyring ./pubring.gpg ./build/dbrepo-${CHART_VERSION}.tgz"
 
 release-docs:
   stage: release