diff --git a/.gitea/workflows/docker-builder.yml b/.gitea/workflows/docker-builder.yml
index 509ec35..d3706b5 100644
--- a/.gitea/workflows/docker-builder.yml
+++ b/.gitea/workflows/docker-builder.yml
@@ -260,17 +260,18 @@ jobs:
 IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"
 echo "Signing image $IMAGE_TO_SIGN"
- # --- Key generieren (temp) ---
+ # --- Temporary keypair ---
 COSIGN_KEY_FILE=$(mktemp)
 echo "Generating temporary Cosign keypair at $COSIGN_KEY_FILE"
- cosign generate-key-pair --passphrase "" --key "$COSIGN_KEY_FILE"
+ cosign generate-key-pair --key "$COSIGN_KEY_FILE"
- # Optional: Digest nutzen, um Warnung zu vermeiden
+ # --- Get digest to avoid tag warning ---
 DIGEST=$(docker buildx imagetools inspect "$IMAGE_TO_SIGN" --raw | jq -r '.manifests[0].digest')
 echo "Signing digest: $DIGEST"
- # Signieren
+ # --- Sign image ---
 cosign sign --key "$COSIGN_KEY_FILE" "${IMAGE_TO_SIGN}@${DIGEST}"
- # Cleanup
+ # --- Cleanup ---
 rm -f "$COSIGN_KEY_FILE" "$COSIGN_KEY_FILE.pub"
+
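Review bot: The signature produced by this step cannot be verified by anyone, because the keypair is created fresh on every run and the cleanup line `rm -f "$COSIGN_KEY_FILE" "$COSIGN_KEY_FILE.pub"` deletes the public half together with the private one, so no trust anchor survives the job. Sign with a long-lived key held in CI secrets instead, for example `cosign sign --key env://COSIGN_PRIVATE_KEY "${IMAGE_TO_SIGN}@${DIGEST}"` (the secret name is an example) with `COSIGN_PASSWORD` supplied from secrets, and publish the matching public key for consumers. Dropping `--passphrase ""` also leaves the password source implicit: as far as I know `generate-key-pair` takes it from `COSIGN_PASSWORD` or a prompt and names its output with `--output-key-prefix` rather than `--key`, so the changed line should be checked against the cosign version on the runner. Separately, `.manifests[0].digest` picks only the first entry of an index and yields `null` for a single-platform manifest; a guard such as `[ -n "$DIGEST" ] && [ "$DIGEST" != "null" ] || exit 1` before `cosign sign` would stop a bad reference from being signed. The `run:` script this hunk belongs to starts above the hunk, so any `set -e` or environment setup there is not visible.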