Prevent users from adding SSH/GPG keys on their own
### Proposal

GitLab allows setting push rules to enforce that commits are signed, as documented here: https://docs.gitlab.com/ee/user/project/repository/push_rules.html

These do not verify the signature, but that is already a separate issue: https://gitlab.com/gitlab-org/gitlab/-/issues/208313

Assuming that issue is solved, however, there is still a scenario where a developer could just create a new PGP key and add it to their account from this page: https://gitlab.com/-/profile/gpg_keys

As a security admin, I would like to be able to prevent developers from adding new keys to their GitLab account, or configure rules to ensure commits are signed with a certain key ID.

### Possible UX

The feature could be as simple as having a textbox alongside "reject unsigned commits" which accepts a CSV or something of GPG key IDs that are allowed to sign commits. I.e. add a textbox below this if it is checked:

![image](/uploads/cff69d5e617a0c16a79fe28ad2768bbe/image.png)

As for the implementation on the backend, I am not too sure how it's best done.

### Alternatives Considered

One hacky way I've thought of is a CI/CD job which goes through git log and verifies signatures. However, since `.gitlab-ci.yml` is part of a repository, this seems trivial for a developer to bypass, if they intend to do so.
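As an added example (not code from the issue author or from GitLab), here is the allowlist check the proposal describes, written as POSIX shell functions that consume `git log --format='%H%x09%G?%x09%GP'` output; the fingerprints are constructed placeholders and the hook wiring in the comments is an assumption.

```shell
#!/bin/sh
# Added example: accept a commit only if it carries a good signature from an
# allowlisted primary-key fingerprint. Feed it git's own verification output:
#   git log --format='%H%x09%G?%x09%GP' "$OLD_REV..$NEW_REV" | check_range
# Run it where the developer cannot edit it (server-side pre-receive hook or a
# pipeline outside the repository), not from the project's own .gitlab-ci.yml.

# Allowed primary-key fingerprints, one per line (constructed placeholders).
ALLOWED_FPRS='AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000
BBBB1111BBBB1111BBBB1111BBBB1111BBBB1111'

# check_commit HASH STATUS FPR
#   STATUS is git's %G? code: G = good, U = good but key not trusted in the
#   server keyring (the allowlist is the trust decision here). Anything else
#   (N unsigned, B bad, E unverifiable, X/Y expired, R revoked) is rejected.
#   FPR is %GP, the primary-key fingerprint, so a signing subkey is accepted
#   only through its allowlisted primary key.
check_commit() {
  hash=$1; status=$2; fpr=$3
  case "$status" in
    G|U) ;;
    *) echo "REJECT $hash: signature status '$status'" >&2; return 1 ;;
  esac
  for allowed in $ALLOWED_FPRS; do
    if [ "$fpr" = "$allowed" ]; then
      return 0
    fi
  done
  echo "REJECT $hash: signed by key $fpr, which is not allowlisted" >&2
  return 1
}

# check_range: read tab-separated "hash<TAB>status<TAB>fpr" lines from stdin.
# The fingerprint is the last field so an unsigned commit (empty %GP) still
# parses. Returns 1 if any commit fails, so a hook can reject the whole push.
check_range() {
  rc=0
  while IFS="$(printf '\t')" read -r hash status fpr; do
    [ -n "$hash" ] || continue
    check_commit "$hash" "$status" "$fpr" || rc=1
  done
  return $rc
}
```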