What is a right way to sign CoreOS with gpg key

Hi all,
I’m trying to build my own CoreOS-like system in educational purposes. When I’m executing rpm-ostree status in builded image I see that my commit is unsigned. I’ve read a lot of documentation but still haven’t found what is a right place to put my gpg key to sign my ostree commits when using coreos-assembler as builder.