diff --git a/defaults/main.yml b/defaults/main.yml
index efa76fa..529568a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,6 +5,10 @@ git_package_name_merge_tool: meld
 git_users: []
 # github:
+ # allowedSignersFile:
+ # - principals:
+ # - max.mustermann@example.com
+ # publicSSHKey: ssh-rsa AAAAX1...
 # config:
 # commit:
 # gpgSign: "true"
@@ -12,3 +16,5 @@ git_users: []
 # name: "root"
 # email: root@localhost
 # signingKey: gpg-fingerprint
+ # revocationFile:
+ # - ssh-rsa AAAAX1...
diff --git a/tasks/git_user.yml b/tasks/git_user.yml
index 3b8519b..f1f4460 100644
--- a/tasks/git_user.yml
+++ b/tasks/git_user.yml
@@ -21,8 +21,10 @@
 group: "{{ getent_passwd[item.key][2] }}"
 mode: "0644"
 with_items:
+ - .config/git/allowedSignersFile
 - .config/git/config
 - .config/git/message
 - .config/git/ignore
+ - .config/git/revocationFile
 loop_control:
 loop_var: filename
diff --git a/templates/.config/git/allowedSignersFile.j2 b/templates/.config/git/allowedSignersFile.j2
new file mode 100644
index 0000000..b40518f
--- /dev/null
+++ b/templates/.config/git/allowedSignersFile.j2
@@ -0,0 +1,9 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if item.value.allowedSignersFile is defined and item.value.allowedSignersFile | length > 0%}
+{% for entry in item.value.allowedSignersFile %}
+{{ entry.principals | join(',') }} {{ entry.publicSSHKey }}
+{% endfor %}
+{% endif %}
\ No newline at end of file
diff --git a/templates/.config/git/revocationFile.j2 b/templates/.config/git/revocationFile.j2
new file mode 100644
index 0000000..8a41b19
--- /dev/null
+++ b/templates/.config/git/revocationFile.j2
@@ -0,0 +1,9 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if item.value.revocationFile is defined and item.value.revocationFile | length > 0%}
+{% for entry in item.value.revocationFile %}
+{{ entry }}
+{% endfor %}
+{% endif %}
\ No newline at end of file
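Review bot: Nothing in this diff tells git to consult the two new files, so unless `config.j2` (not in the diff) already emits `gpg.ssh.allowedSignersFile` and `gpg.ssh.revocationFile`, the `with_items` additions write trust-store files that SSH signature verification never reads. The fix belongs in the documented example in `defaults/main.yml` rather than in this task: under the commented `config:` block add `#   gpg:`, `#     ssh:`, `#       allowedSignersFile: ~/.config/git/allowedSignersFile` (and the matching `revocationFile:` line), or have the role set those two keys itself when the lists are non-empty. Note also that the loop renders both templates for every user, so users without `allowedSignersFile`/`revocationFile` still get a comment-only file in `.config/git`; that is harmless for a revocation list but worth a `when:` guard or a comment, since a referenced-but-empty allowed-signers file makes every verification fail. The task's `template`/`dest` parameters start before this hunk.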
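Review bot: The key line interpolates `entry.publicSSHKey` and `entry.principals` verbatim, with no normalisation, so stray surrounding whitespace in inventory data produces a malformed entry and an embedded newline would append an unintended second principal/key line to the user's trust store; `{{ entry.principals | join(',') }} {{ entry.publicSSHKey | trim }}` covers the whitespace case cheaply, and a validation step (e.g. rejecting values that contain a newline) is worth considering given this file decides whose signatures are trusted. The template also does not document the format it emits; a header comment such as `# OpenSSH ALLOWED SIGNERS format (see ssh-keygen(1)): principals[,principals] [options] keytype base64-key [comment]` would help operators, and the same line is the place to add `namespaces="git"` if the role wants to scope these keys to git signatures only. Minor: `> 0%}` should be `> 0 %}`, and the file is missing its final newline.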
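Review bot: The loop emits one bare public key per line, which is the plain-text form of `gpg.ssh.revocationFile`; git also accepts an OpenSSH KRL, which is binary and cannot be produced by this template, and nothing tells the operator which form is supported or that entries must be full `keytype base64-key` lines without a principal prefix. A header comment such as `# Revoked SSH public keys, one per line (keytype base64-key, no principal); OpenSSH KRL format is not supported by this template.` would settle that. As with the allowed-signers template, `{{ entry }}` is written unnormalised, so `{{ entry | trim }}` is a cheap guard, and it is worth confirming that ssh-keygen ignores the `#` header lines in a plain-text revoked-keys list (its text loader appears to skip comment lines, but a wrong assumption here would turn every verification into an error). Minor: `> 0%}` should be `> 0 %}`, and the file lacks a trailing newline.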