diff --git a/deployment.sh b/deployment.sh
index 3fd567d..71bd82f 100755
--- a/deployment.sh
+++ b/deployment.sh
@@ -643,6 +643,10 @@ fi
 if checkBootParam sipwiserepotransport ; then
   SIPWISE_REPO_TRANSPORT=$(getBootParam sipwiserepotransport)
 fi
+
+if checkBootParam debootstrapkey ; then
+  GPG_KEY=$(getBootParam debootstrapkey)
+fi
 ## }}}
 
 ## interactive mode {{{
@@ -1287,7 +1291,23 @@ fi
 # over official Debian
 MIRROR="${DEBIAN_REPO_TRANSPORT}://${DEBIAN_REPO_HOST}/debian/"
 SEC_MIRROR="${DEBIAN_REPO_TRANSPORT}://${DEBIAN_REPO_HOST}/debian-security/"
-KEYRING='/etc/apt/trusted.gpg.d/sipwise.gpg'
+
+if [ -z "${GPG_KEY}" ] ; then
+  KEYRING='/etc/apt/trusted.gpg.d/sipwise.gpg'
+else
+  KEYRING='/etc/apt/trusted.gpg'
+
+  echo "Fetching debootstrap keyring as GPG key '${GPG_KEY}'..."
+  logit "Fetching debootstrap keyring as GPG key '${GPG_KEY}'..."
+
+  if ! gpg --keyserver pool.sks-keyservers.net --recv-keys "${GPG_KEY}" ; then
+    die "Failed to fetch GPG key '${GPG_KEY}'"
+  fi
+
+  if ! gpg -a --export "${GPG_KEY}" | apt-key add - ; then
+    die "Failed to import GPG key '${GPG_KEY}' as apt-key"
+  fi
+fi
 
 set_deploy_status "debootstrap"