diff --git a/.env.sample b/.env.sample
index 9e74232..b919531 100644
--- a/.env.sample
+++ b/.env.sample
@@ -86,6 +86,11 @@ RETENTION_MAX_LIFETIME=4w
 #MEDIA_RETENTION_LOCAL_LIFETIME=30d
 #MEDIA_RETENTION_REMOTE_LIFETIME=14d
+## Old Signing Key
+#OLD_SIGNING_KEY_ID=a_OLDKEYID
+#OLD_SIGNING_KEY=base64string
+#OLD_SIGNING_KEY_EXPIRES=123456789123
+
 ## Ratelimit
 #LOGIN_LIMIT_IP_PER_SECOND=5
diff --git a/abra.sh b/abra.sh
index 76f9495..bf81b8c 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,6 +1,6 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v3
-export HOMESERVER_YAML_VERSION=v31
+export HOMESERVER_YAML_VERSION=v32
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v2
 export SIGNAL_BRIDGE_YAML_VERSION=v6
diff --git a/compose.yml b/compose.yml
index 8748267..dae7e6d 100644
--- a/compose.yml
+++ b/compose.yml
@@ -55,6 +55,9 @@ services:
 - ENABLE_REGISTRATION
 - REGISTRATION_REQUIRES_TOKEN
 - ENCRYPTED_BY_DEFAULT
+ - OLD_SIGNING_KEY
+ - OLD_SIGNING_KEY_ID
+ - OLD_SIGNING_KEY_EXPIRES
 - USER_DIRECTORY_ENABLED=${USER_DIRECTORY_ENABLED:-true}
 - USER_DIRECTORY_SEARCH_ALL_USERS=${USER_DIRECTORY_SEARCH_ALL_USERS:-true}
 - USER_DIRECTORY_PREFER_LOCAL_USERS=${USER_DIRECTORY_PREFER_LOCAL_USERS:-true}
diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index c020f79..c65a019 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
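Review bot: The three new sample lines give no hint of the format Synapse expects, and the neighbouring `*_LIFETIME=30d` entries make it easy to assume `OLD_SIGNING_KEY_EXPIRES` is a duration; per the Synapse `old_signing_keys` documentation it is an absolute timestamp in milliseconds since the epoch (when the key was last used to sign events), `OLD_SIGNING_KEY` is the base64 public key rather than the contents of the old `.signing.key` file, and `OLD_SIGNING_KEY_ID` is only the part after `ed25519:` because `homeserver.yaml.tmpl` prepends that prefix. I would expand the `## Old Signing Key` header into a short comment stating those three facts, e.g. `## Old Signing Key: ID without the "ed25519:" prefix, KEY the base64 public key, EXPIRES in milliseconds since the epoch`. The same comment belongs above the `old_signing_keys` block in the `homeserver.yaml.tmpl` hunk.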
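Review bot: The three pass-through entries are listed as KEY, KEY_ID, KEY_EXPIRES, while `.env.sample` and the `and` guard in `homeserver.yaml.tmpl` use KEY_ID, KEY, KEY_EXPIRES; keeping one order across the three files makes the set easier to audit when a variable is added or renamed. A purely stylistic point: `- OLD_SIGNING_KEY_ID`, `- OLD_SIGNING_KEY`, `- OLD_SIGNING_KEY_EXPIRES`. The enclosing environment list starts before the hunk.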
@@ -186,6 +186,12 @@ form_secret: "{{ secret "form_secret" }}"
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#signing_key_path
 signing_key_path: "/data/{{ env "DOMAIN" }}.signing.key"
+# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#old_signing_keys
+{{ if (and (env "OLD_SIGNING_KEY_ID") (env "OLD_SIGNING_KEY") (env "OLD_SIGNING_KEY_EXPIRES")) }}
+old_signing_keys:
+ "ed25519:{{ env "OLD_SIGNING_KEY_ID" }}": { key: "{{ env "OLD_SIGNING_KEY" }}", expired_ts: {{ env "OLD_SIGNING_KEY_EXPIRES" }} }
+{{ end }}
+
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#trusted_key_servers
 {{ if eq (env "ENABLE_ALLOWLIST") "1" }}
 trusted_key_servers: [] # NOTE(d1): defaults to requesting server directly, which matches FEDERATION_ALLOWLIST
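Review bot: The `and` guard emits the `old_signing_keys` block only when all three variables are non-empty, so a misspelled or forgotten one of them silently renders a homeserver.yaml with no old key at all, and remote servers may then be unable to verify events signed with the retired key with nothing in the rendered config pointing at the cause. Unless the template engine offers a way to abort rendering on a partial set (not visible from this hunk), the block should at least document that all-or-nothing behaviour and the value formats it relies on: `expired_ts` is written unquoted, so `OLD_SIGNING_KEY_EXPIRES` must be a bare integer of milliseconds since the epoch, `OLD_SIGNING_KEY` is the base64 public key, and `OLD_SIGNING_KEY_ID` is the id without the `ed25519:` prefix that the line below prepends. A comment such as `# Rendered only when all three OLD_SIGNING_KEY* variables are set; EXPIRES is ms since epoch (unquoted), KEY is the base64 public key, ID is the part after "ed25519:"` above the `{{ if` line would cover it.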