diff --git a/docs/resources/gpg_key.md b/docs/resources/gpg_key.md
new file mode 100644
index 00000000..6daa11e3
--- /dev/null
+++ b/docs/resources/gpg_key.md
@@ -0,0 +1,75 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "argocd_gpg_key Resource - terraform-provider-argocd"
+subcategory: ""
+description: |-
+  Manages GPG keys https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ within ArgoCD.
+---
+
+# argocd_gpg_key (Resource)
+
+Manages [GPG keys](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) within ArgoCD.
+
+## Example Usage
+
+```terraform
+resource "argocd_gpg_key" "this" {
+  public_key = <<EOF
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGSJdlcBEACnza+KvWLyKWUHJPhgs//HRL0EEmA/EcFKioBlrgPNYf/O7hNg
+KT3NDaNrD26pr+bOb4mfaqNNS9no8b9EP3C7Co3Wf2d4xpJ5/hlpIm3V652S5daZ
+I7ylVT8QOrhaqEnHH2hEcOfDaqjrYfrx3qiI8v7DmV6jfGi1tDUUgfJwiOyZk4q1
+jiPo5k4+XNp9mCtUAGyidLFcUqQ9XbHKgBwgAoxtIKNSbdPCGhsjgTHHhzswMH/Z
+DhhtcraqrfOhoP9lI4/zyCS+B9OfUy7BS/1SqWKIgdsjFIR+zHIOI69lh77+ZAVE
+MVYJBdFke5/g/tTPaQGuBqaIJ3d/Mi/ZlbTsoBcq5qam73uh7fcgBV5la6NeuNcR
+tvKMVl4DlnkJS8LBtElLEeHEylTCdNltrUFwshDKDBtq6ilTKCK14R6g4lkn8VcE
+9xx7Mhdh77tp66FRZ6ge1E8EUEFwEeFhp240KRyaA5U1/kAarn8083zZ7d4+QObp
+L4KMqgrwLaxyPLgu0J/f946qLewV7XsbZRXE1jQa9Z7W5TEoJwjcC79DXe1wChc6
+cBfCtluDsnklwvldpKTEZU0q/hKE6Zt7NjLUyExV+5guoHllxoVxx7sh+jtKm/J+
+5gh+B3xOTDxRV2XYIx1TM6U1iLxAqchzFec8dfkuTbs/5f++PrddvZfiUQARAQAB
+tD1BcmdvQ0QgVGVycmFmb3JtIFByb3ZpZGVyIDxmYWtldXNlckB1c2Vycy5ub3Jl
+cGx5LmdpdGh1Yi5jb20+iQJOBBMBCgA4FiEEvK9bNlncXDhFAk6kmtkpVUAdOI0F
+AmSJdlcCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmtkpVUAdOI2FdA//
+YuFYsX6SUVgI4l68ZHE34jLTWU5R2ujB6luErcguAlLyDtrD3melva3V/ETc69/1
+5o7Ayn3a7uz5lCEvUSLsCN+V2o3EjrA81pt8Zs+Z9WYeZE5F5DnKzq81PObdASB7
+Po2X0qLqqKIhpQxc/E7m26xmePCf82H36gtvPiEVmVA5yduk1lLG3aZtNIRCa4VK
+gmDjR8Se+OZeAw7JQCOeJB9/Y8oQ8nVkj1SWNIICaUwIXHtrj7r1z6XTDAEkGeBg
+HXW8IEhZDE1Nq3vQtZvgwftEoPT/Ff+8DwvL1JUov2ObQDolallzKaiiVfGZhPJZ
+4PMtEPEmSL9QWJAG5jiBVC3BdVZtXBNkC1HqTCXwZc/wzp5O9MmMXmCrUFr4FfHu
+IZ560MNpp/SrtUrOahLmvuG0B+Ze96e2nm5ap5wkCDaQouOIqM7Lj+FGq64cu2B/
+oSsl7joBZQUYXv8meNOQssm6jArRLG2oFoiEdRqzd2/RjvvJliLN9OCNvV43f38h
+8Ep8RDi9RiHhSKvwrvDD9x/JRm6zQUetjrctmjdIYp8k129LrD0Qr9ULXfphZdrv
+xga7/lyQLmukLu7Mxwp+ss2bY/wjT8mlT5P55kBpXXyYILhLsUESCHG6D8/Ov+vv
+OoZS+BSfe/0vc1aTfDKxj5wAx27a6z5o25X27feEl3U=
+=kqkH
+-----END PGP PUBLIC KEY BLOCK-----
+EOF
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `public_key` (String) Raw key data of the GPG key to create
+
+### Read-Only
+
+- `fingerprint` (String) Fingerprint is the fingerprint of the key
+- `id` (String) GPG key identifier
+- `owner` (String) Owner holds the owner identification, e.g. a name and e-mail address
+- `sub_type` (String) SubType holds the key's sub type (e.g. rsa4096)
+- `trust` (String) Trust holds the level of trust assigned to this key
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# GPG Keys can be imported using the key ID.
+
+# Example:
+terraform import argocd_gpg_key.this 9AD92955401D388D
+```
diff --git a/examples/resources/argocd_gpg_key/import.sh b/examples/resources/argocd_gpg_key/import.sh
new file mode 100644
index 00000000..e87e9b00
--- /dev/null
+++ b/examples/resources/argocd_gpg_key/import.sh
@@ -0,0 +1,4 @@
+# GPG Keys can be imported using the key ID.
+
+# Example:
+terraform import argocd_gpg_key.this 9AD92955401D388D
\ No newline at end of file
diff --git a/examples/resources/argocd_gpg_key/resource.tf b/examples/resources/argocd_gpg_key/resource.tf
new file mode 100644
index 00000000..c48e0586
--- /dev/null
+++ b/examples/resources/argocd_gpg_key/resource.tf
@@ -0,0 +1,33 @@
+resource "argocd_gpg_key" "this" {
+  public_key = <<EOF
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGSJdlcBEACnza+KvWLyKWUHJPhgs//HRL0EEmA/EcFKioBlrgPNYf/O7hNg
+KT3NDaNrD26pr+bOb4mfaqNNS9no8b9EP3C7Co3Wf2d4xpJ5/hlpIm3V652S5daZ
+I7ylVT8QOrhaqEnHH2hEcOfDaqjrYfrx3qiI8v7DmV6jfGi1tDUUgfJwiOyZk4q1
+jiPo5k4+XNp9mCtUAGyidLFcUqQ9XbHKgBwgAoxtIKNSbdPCGhsjgTHHhzswMH/Z
+DhhtcraqrfOhoP9lI4/zyCS+B9OfUy7BS/1SqWKIgdsjFIR+zHIOI69lh77+ZAVE
+MVYJBdFke5/g/tTPaQGuBqaIJ3d/Mi/ZlbTsoBcq5qam73uh7fcgBV5la6NeuNcR
+tvKMVl4DlnkJS8LBtElLEeHEylTCdNltrUFwshDKDBtq6ilTKCK14R6g4lkn8VcE
+9xx7Mhdh77tp66FRZ6ge1E8EUEFwEeFhp240KRyaA5U1/kAarn8083zZ7d4+QObp
+L4KMqgrwLaxyPLgu0J/f946qLewV7XsbZRXE1jQa9Z7W5TEoJwjcC79DXe1wChc6
+cBfCtluDsnklwvldpKTEZU0q/hKE6Zt7NjLUyExV+5guoHllxoVxx7sh+jtKm/J+
+5gh+B3xOTDxRV2XYIx1TM6U1iLxAqchzFec8dfkuTbs/5f++PrddvZfiUQARAQAB
+tD1BcmdvQ0QgVGVycmFmb3JtIFByb3ZpZGVyIDxmYWtldXNlckB1c2Vycy5ub3Jl
+cGx5LmdpdGh1Yi5jb20+iQJOBBMBCgA4FiEEvK9bNlncXDhFAk6kmtkpVUAdOI0F
+AmSJdlcCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmtkpVUAdOI2FdA//
+YuFYsX6SUVgI4l68ZHE34jLTWU5R2ujB6luErcguAlLyDtrD3melva3V/ETc69/1
+5o7Ayn3a7uz5lCEvUSLsCN+V2o3EjrA81pt8Zs+Z9WYeZE5F5DnKzq81PObdASB7
+Po2X0qLqqKIhpQxc/E7m26xmePCf82H36gtvPiEVmVA5yduk1lLG3aZtNIRCa4VK
+gmDjR8Se+OZeAw7JQCOeJB9/Y8oQ8nVkj1SWNIICaUwIXHtrj7r1z6XTDAEkGeBg
+HXW8IEhZDE1Nq3vQtZvgwftEoPT/Ff+8DwvL1JUov2ObQDolallzKaiiVfGZhPJZ
+4PMtEPEmSL9QWJAG5jiBVC3BdVZtXBNkC1HqTCXwZc/wzp5O9MmMXmCrUFr4FfHu
+IZ560MNpp/SrtUrOahLmvuG0B+Ze96e2nm5ap5wkCDaQouOIqM7Lj+FGq64cu2B/
+oSsl7joBZQUYXv8meNOQssm6jArRLG2oFoiEdRqzd2/RjvvJliLN9OCNvV43f38h
+8Ep8RDi9RiHhSKvwrvDD9x/JRm6zQUetjrctmjdIYp8k129LrD0Qr9ULXfphZdrv
+xga7/lyQLmukLu7Mxwp+ss2bY/wjT8mlT5P55kBpXXyYILhLsUESCHG6D8/Ov+vv
+OoZS+BSfe/0vc1aTfDKxj5wAx27a6z5o25X27feEl3U=
+=kqkH
+-----END PGP PUBLIC KEY BLOCK-----
+EOF
+}
diff --git a/go.mod b/go.mod
index b33994a7..b515ebb1 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.19
 
 require (
 	github.com/Masterminds/semver/v3 v3.2.1
+	github.com/ProtonMail/gopenpgp/v2 v2.7.1
 	github.com/argoproj/argo-cd/v2 v2.6.7
 	github.com/argoproj/gitops-engine v0.7.3
 	github.com/argoproj/pkg v0.13.7-0.20221221191914-44694015343d
@@ -44,7 +45,8 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/PagerDuty/go-pagerduty v1.6.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310 // indirect
+	github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
 	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/agext/levenshtein v1.2.2 // indirect
diff --git a/go.sum b/go.sum
index 1c8056b4..950d9911 100644
--- a/go.sum
+++ b/go.sum
@@ -86,8 +86,13 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PagerDuty/go-pagerduty v1.6.0 h1:am81SzvG5Pw+s3JZ5yEy6kGvsXXklTNRrGr3d8WKpsU=
 github.com/PagerDuty/go-pagerduty v1.6.0/go.mod h1:7eaBLzsDpK7VUvU0SJ5mohczQkoWrrr5CjDaw5gh1as=
-github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
+github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310 h1:dGAdTcqheKrQ/TW76sAcmO2IorwXplUw2inPkOzykbw=
+github.com/ProtonMail/go-crypto v0.0.0-20230321155629-9a39f2531310/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
+github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
+github.com/ProtonMail/gopenpgp/v2 v2.7.1 h1:Awsg7MPc2gD3I7IFac2qE3Gdls0lZW8SzrFZ3k1oz0s=
+github.com/ProtonMail/gopenpgp/v2 v2.7.1/go.mod h1:/BU5gfAVwqyd8EfC3Eu7zmuhwYQpKs+cGD8M//iiaxs=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE=
@@ -1148,6 +1153,7 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1195,6 +1201,7 @@ golang.org/x/mod v0.5.1-0.20210830214625-1b1db11ec8f4/go.mod h1:5OXOZSfqPIIbmVBI
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1256,6 +1263,7 @@ golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfS
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1385,6 +1393,7 @@ golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1392,6 +1401,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
 golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1405,6 +1415,7 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
 golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1484,6 +1495,7 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/internal/provider/model_gpg_key.go b/internal/provider/model_gpg_key.go
new file mode 100644
index 00000000..3bbd6dd8
--- /dev/null
+++ b/internal/provider/model_gpg_key.go
@@ -0,0 +1,63 @@
+package provider
+
+import (
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	customtypes "github.com/oboukili/terraform-provider-argocd/internal/types"
+)
+
+type gpgKeyModel struct {
+	ID          types.String             `tfsdk:"id"`
+	PublicKey   customtypes.PGPPublicKey `tfsdk:"public_key"`
+	Fingerprint types.String             `tfsdk:"fingerprint"`
+	Owner       types.String             `tfsdk:"owner"`
+	SubType     types.String             `tfsdk:"sub_type"`
+	Trust       types.String             `tfsdk:"trust"`
+}
+
+func gpgKeySchemaAttributes() map[string]schema.Attribute {
+	return map[string]schema.Attribute{
+		"public_key": schema.StringAttribute{
+			MarkdownDescription: "Raw key data of the GPG key to create",
+			CustomType:          customtypes.PGPPublicKeyType,
+			Required:            true,
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.RequiresReplace(),
+			},
+		},
+		"fingerprint": schema.StringAttribute{
+			MarkdownDescription: "Fingerprint is the fingerprint of the key",
+			Computed:            true,
+		},
+		"id": schema.StringAttribute{
+			MarkdownDescription: "GPG key identifier",
+			Computed:            true,
+		},
+		"owner": schema.StringAttribute{
+			MarkdownDescription: "Owner holds the owner identification, e.g. a name and e-mail address",
+			Computed:            true,
+		},
+		"sub_type": schema.StringAttribute{
+			MarkdownDescription: "SubType holds the key's sub type (e.g. rsa4096)",
+			Computed:            true,
+		},
+		"trust": schema.StringAttribute{
+			MarkdownDescription: "Trust holds the level of trust assigned to this key",
+			Computed:            true,
+		},
+	}
+}
+
+func newGPGKey(k *v1alpha1.GnuPGPublicKey) *gpgKeyModel {
+	return &gpgKeyModel{
+		Fingerprint: types.StringValue(k.Fingerprint),
+		ID:          types.StringValue(k.KeyID),
+		Owner:       types.StringValue(k.Owner),
+		PublicKey:   customtypes.PGPPublicKeyValue(k.KeyData),
+		SubType:     types.StringValue(k.SubType),
+		Trust:       types.StringValue(k.Trust),
+	}
+}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 128773dd..c64218c2 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -253,7 +253,9 @@ func (p *ArgoCDProvider) Configure(ctx context.Context, req provider.ConfigureRe
 }
 
 func (p *ArgoCDProvider) Resources(context.Context) []func() resource.Resource {
-	return nil
+	return []func() resource.Resource{
+		NewGPGKeyResource,
+	}
 }
 
 func (p *ArgoCDProvider) DataSources(context.Context) []func() datasource.DataSource {
diff --git a/internal/provider/resource_gpg_key.go b/internal/provider/resource_gpg_key.go
new file mode 100644
index 00000000..bb8dc3b6
--- /dev/null
+++ b/internal/provider/resource_gpg_key.go
@@ -0,0 +1,201 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/argoproj/argo-cd/v2/pkg/apiclient/gpgkey"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/oboukili/terraform-provider-argocd/internal/diagnostics"
+	"github.com/oboukili/terraform-provider-argocd/internal/sync"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var _ resource.Resource = &gpgKeyResource{}
+
+func NewGPGKeyResource() resource.Resource {
+	return &gpgKeyResource{}
+}
+
+// gpgKeyResource defines the resource implementation.
+type gpgKeyResource struct {
+	si *ServerInterface
+}
+
+func (r *gpgKeyResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_gpg_key"
+}
+
+func (r *gpgKeyResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		MarkdownDescription: "Manages [GPG keys](https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/) within ArgoCD.",
+		Attributes:          gpgKeySchemaAttributes(),
+	}
+}
+
+func (r *gpgKeyResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	si, ok := req.ProviderData.(*ServerInterface)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Provider Data Type",
+			fmt.Sprintf("Expected *ServerInterface, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	r.si = si
+}
+
+func (r *gpgKeyResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data gpgKeyModel
+
+	// Read Terraform configuration data into the model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+
+	// Initialize API clients
+	resp.Diagnostics.Append(r.si.InitClients(ctx)...)
+
+	// Check for errors before proceeding
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Create GPG key
+	sync.GPGKeysMutex.Lock()
+
+	keys, err := r.si.GPGKeysClient.Create(ctx, &gpgkey.GnuPGPublicKeyCreateRequest{
+		Publickey: &v1alpha1.GnuPGPublicKey{KeyData: data.PublicKey.String()},
+	})
+
+	sync.GPGKeysMutex.Unlock()
+
+	if err != nil {
+		resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("create", "GPG key", "", err)...)
+		return
+	}
+
+	if keys.Created == nil || len(keys.Created.Items) == 0 {
+		resp.Diagnostics.AddError("unexpected response when creating ArgoCD GPG Key - no keys created", "")
+		return
+	}
+
+	tflog.Trace(ctx, fmt.Sprintf("created GPG key %s", keys.Created.Items[0].KeyID))
+
+	// Parse response and store state
+	resp.Diagnostics.Append(resp.State.Set(ctx, newGPGKey(&keys.Created.Items[0]))...)
+}
+
+func (r *gpgKeyResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data gpgKeyModel
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+
+	// Initialize API clients
+	resp.Diagnostics.Append(r.si.InitClients(ctx)...)
+
+	// Check for errors before proceeding
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Read key from API
+	key, diags := readGPGKey(ctx, r.si, data.ID.ValueString())
+	resp.Diagnostics.Append(diags...)
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, key)...)
+}
+
+func (r *gpgKeyResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var data gpgKeyModel
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+
+	// Initialize API clients
+	resp.Diagnostics.Append(r.si.InitClients(ctx)...)
+
+	// Check for errors before proceeding
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// In general, this resource will be recreated rather than updated. However,
+	// `Update` will be called on the first apply after an import so we need to
+	// ensure that we set the state of the computed data by reading the key from
+	// the API.
+	key, diags := readGPGKey(ctx, r.si, data.ID.ValueString())
+	resp.Diagnostics.Append(diags...)
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, key)...)
+}
+
+func (r *gpgKeyResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var data gpgKeyModel
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+
+	// Initialize API clients
+	resp.Diagnostics.Append(r.si.InitClients(ctx)...)
+
+	// Check for errors before proceeding
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	sync.GPGKeysMutex.Lock()
+
+	_, err := r.si.GPGKeysClient.Delete(ctx, &gpgkey.GnuPGPublicKeyQuery{
+		KeyID: data.ID.ValueString(),
+	})
+
+	sync.GPGKeysMutex.Unlock()
+
+	if err != nil && !strings.Contains(err.Error(), "NotFound") {
+		resp.Diagnostics.Append(diagnostics.ArgoCDAPIError("delete", "GPG key", data.ID.ValueString(), err)...)
+		return
+	}
+
+	tflog.Trace(ctx, fmt.Sprintf("deleted GPG key %s", data.ID.ValueString()))
+}
+
+func (r *gpgKeyResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
+}
+
+func readGPGKey(ctx context.Context, si *ServerInterface, id string) (*gpgKeyModel, diag.Diagnostics) {
+	var diags diag.Diagnostics
+
+	sync.GPGKeysMutex.RLock()
+
+	k, err := si.GPGKeysClient.Get(ctx, &gpgkey.GnuPGPublicKeyQuery{
+		KeyID: id,
+	})
+
+	sync.GPGKeysMutex.RUnlock()
+
+	if err != nil {
+		if !strings.Contains(err.Error(), "NotFound") {
+			diags.Append(diagnostics.ArgoCDAPIError("read", "GPG key", id, err)...)
+		}
+
+		return nil, diags
+	}
+
+	return newGPGKey(k), diags
+}
diff --git a/internal/provider/resource_gpg_key_test.go b/internal/provider/resource_gpg_key_test.go
new file mode 100644
index 00000000..f3d888c2
--- /dev/null
+++ b/internal/provider/resource_gpg_key_test.go
@@ -0,0 +1,132 @@
+package provider
+
+import (
+	"regexp"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccArgoCDGPGKeyResource(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			// Create and Read testing
+			{
+				Config: `
+resource "argocd_gpg_key" "this" {
+	public_key = chomp(
+<<-EOF
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGSJdlcBEACnza+KvWLyKWUHJPhgs//HRL0EEmA/EcFKioBlrgPNYf/O7hNg
+KT3NDaNrD26pr+bOb4mfaqNNS9no8b9EP3C7Co3Wf2d4xpJ5/hlpIm3V652S5daZ
+I7ylVT8QOrhaqEnHH2hEcOfDaqjrYfrx3qiI8v7DmV6jfGi1tDUUgfJwiOyZk4q1
+jiPo5k4+XNp9mCtUAGyidLFcUqQ9XbHKgBwgAoxtIKNSbdPCGhsjgTHHhzswMH/Z
+DhhtcraqrfOhoP9lI4/zyCS+B9OfUy7BS/1SqWKIgdsjFIR+zHIOI69lh77+ZAVE
+MVYJBdFke5/g/tTPaQGuBqaIJ3d/Mi/ZlbTsoBcq5qam73uh7fcgBV5la6NeuNcR
+tvKMVl4DlnkJS8LBtElLEeHEylTCdNltrUFwshDKDBtq6ilTKCK14R6g4lkn8VcE
+9xx7Mhdh77tp66FRZ6ge1E8EUEFwEeFhp240KRyaA5U1/kAarn8083zZ7d4+QObp
+L4KMqgrwLaxyPLgu0J/f946qLewV7XsbZRXE1jQa9Z7W5TEoJwjcC79DXe1wChc6
+cBfCtluDsnklwvldpKTEZU0q/hKE6Zt7NjLUyExV+5guoHllxoVxx7sh+jtKm/J+
+5gh+B3xOTDxRV2XYIx1TM6U1iLxAqchzFec8dfkuTbs/5f++PrddvZfiUQARAQAB
+tD1BcmdvQ0QgVGVycmFmb3JtIFByb3ZpZGVyIDxmYWtldXNlckB1c2Vycy5ub3Jl
+cGx5LmdpdGh1Yi5jb20+iQJOBBMBCgA4FiEEvK9bNlncXDhFAk6kmtkpVUAdOI0F
+AmSJdlcCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmtkpVUAdOI2FdA//
+YuFYsX6SUVgI4l68ZHE34jLTWU5R2ujB6luErcguAlLyDtrD3melva3V/ETc69/1
+5o7Ayn3a7uz5lCEvUSLsCN+V2o3EjrA81pt8Zs+Z9WYeZE5F5DnKzq81PObdASB7
+Po2X0qLqqKIhpQxc/E7m26xmePCf82H36gtvPiEVmVA5yduk1lLG3aZtNIRCa4VK
+gmDjR8Se+OZeAw7JQCOeJB9/Y8oQ8nVkj1SWNIICaUwIXHtrj7r1z6XTDAEkGeBg
+HXW8IEhZDE1Nq3vQtZvgwftEoPT/Ff+8DwvL1JUov2ObQDolallzKaiiVfGZhPJZ
+4PMtEPEmSL9QWJAG5jiBVC3BdVZtXBNkC1HqTCXwZc/wzp5O9MmMXmCrUFr4FfHu
+IZ560MNpp/SrtUrOahLmvuG0B+Ze96e2nm5ap5wkCDaQouOIqM7Lj+FGq64cu2B/
+oSsl7joBZQUYXv8meNOQssm6jArRLG2oFoiEdRqzd2/RjvvJliLN9OCNvV43f38h
+8Ep8RDi9RiHhSKvwrvDD9x/JRm6zQUetjrctmjdIYp8k129LrD0Qr9ULXfphZdrv
+xga7/lyQLmukLu7Mxwp+ss2bY/wjT8mlT5P55kBpXXyYILhLsUESCHG6D8/Ov+vv
+OoZS+BSfe/0vc1aTfDKxj5wAx27a6z5o25X27feEl3U=
+=kqkH
+-----END PGP PUBLIC KEY BLOCK-----
+EOF
+)
+}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "id", "9AD92955401D388D"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "fingerprint", "BCAF5B3659DC5C3845024EA49AD92955401D388D"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "owner", "ArgoCD Terraform Provider <fakeuser@users.noreply.github.com>"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "sub_type", "rsa4096"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "trust", "unknown"),
+				),
+			},
+			// ImportState testing
+			{
+				ResourceName:      "argocd_gpg_key.this",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// Update (i.e. recreate)
+			{
+				Config: `
+resource "argocd_gpg_key" "this" {
+	public_key = <<EOF
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGSJpQYBEADIy7tAUiB7m5D159KphRN+E+5gc735v6wCqQz2IDpy1pvYpMeK
+5N2MATUam6KAzRDTrfAPY4ztyFMTvzH3MuXZKgRFo/diUcYsT+lORRVgGELJQ4Jc
+nC52vr5LmiLpTf4BQg8Er8dsCrLwPHUuUENbSigPPXtltIxYlkWRVutXcGKMuqNY
+tYz8/UmT19dwsM5ZVyVbFfugymLP/ig2TT7s+oYIbTicoZZLtTXAP7oARK9NB23e
+bOJUCsBJxyqGRor0AJ5pnkH18MYqWnrmEZrhkrsYdOS39+JWheadM1/w1v3CcDHa
+prFiaWtuJovTTfa4NZi8982MV9IXAe1q/vTIjTWZDWNjyQhSASucNmHPwynczwTX
+EnhqJn2G5STk+qnOcxEbcCcUx7eUEHPfHf1S+ubP9pjOCZhvwRiBNDxZAagp+Owj
+9jC7m+AtCZ+qEoMKWMfm8KDmwt+1frfUSa4kMH6IX8OgLj1fcRSa0lGicuPf8N8z
+1oEf2MvIg/Ey/vZGuj8nC/gafJuPOiwbLhSwXzPrXtdwvKjerGjJXFmxrBT2vVVc
+UHUIPxktY5DAzwz3g2HKItNTuuK7fBwiT4a4XdkZweEU9ay3LeG10tnjbMianHhw
+w0tQame9/fN4x/2UQGdwraOBWHlKtODcCdkGwh4OJGi/ONU0dRf4pjDfXwARAQAB
+tD1BcmdvQ0QgVGVycmFmb3JtIFByb3ZpZGVyIDxmYWtldXNlckB1c2Vycy5ub3Jl
+cGx5LmdpdGh1Yi5jb20+iQJOBBMBCgA4FiEEkIF5sfPAA3XyA8qv4a1Re5E3tjUF
+AmSJpQYCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ4a1Re5E3tjWIdRAA
+ll5uXni1Q8U+su5HkSt8sam46VJfXXDm1SGNZDXNDWEzUY+LXhtirpHMIAZH4sms
+qph36okx+nrX7GowAP3NRYPgYibtP4Fbc1m19VmVxWNd7l7nr3k0apgsT+69tPRe
+2ZwjFuLJeQJknGQnbPkPB22mvyG7zJv9JrVgo7nsYeIufoeCzFl2sx5c1uQS5NW3
+D+eJP5s1ZmZj7fm/d8J1R/TX9Da527VUG1Q25bOuOxFoLpHMCNT0ABySLTOawCGU
+4I3AURp1sHH78hT/X4gzwnADUPoVN6PfkUbkkVRoL88jpyI4AHIOJBKF/RwoC+AS
+M3R7utv7JctVE3SkbWH0/4ihbV2mnYQWXSCgMLrJ4MT7pe4EvnZ4rHkZLEQxkGmR
+MriiEvnqv4lhReygXw8bsciWm2KpqwxmJ2Vas7fMiIi//aAgzxLrC0cQCdc29KeV
+pQS7vdV1OFghoL0y16OQ/ZIAdrmm11zKCl/iDxueOdxIuD2qKT+YKDVySOO4HPGD
+3JRmebwT2CNmK09T8dp06LDovVUNvc7reBQ7aFsjhtvnzedoKhOuoIHyZVfMWklv
+PtP70LwbQoVm073lQUsXiARC5UTA/RdqDgVrpgWtk6rs/uKHxkiOg20eMRGPaPV1
+srrz5Qn8Ao4EGwXUs1Qg5yhCecqErcaSyaVNri7Jx2k=
+=falI
+-----END PGP PUBLIC KEY BLOCK-----
+EOF
+}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "id", "E1AD517B9137B635"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "fingerprint", "908179B1F3C00375F203CAAFE1AD517B9137B635"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "owner", "ArgoCD Terraform Provider <fakeuser@users.noreply.github.com>"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "sub_type", "rsa4096"),
+					resource.TestCheckResourceAttr("argocd_gpg_key.this", "trust", "unknown"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccArgoCDGPGKeyResource_Invalid_NotAGPGKey(t *testing.T) {
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: `
+resource "argocd_gpg_key" "invalid" {
+	public_key = "invalid"
+}
+				`,
+				ExpectError: regexp.MustCompile("Invalid PGP Public Key"),
+			},
+		},
+	})
+}
diff --git a/internal/provider/server_interface.go b/internal/provider/server_interface.go
index e2c3eb3e..58bbf081 100644
--- a/internal/provider/server_interface.go
+++ b/internal/provider/server_interface.go
@@ -14,6 +14,7 @@ import (
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/applicationset"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/certificate"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster"
+	"github.com/argoproj/argo-cd/v2/pkg/apiclient/gpgkey"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/project"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/repocreds"
 	"github.com/argoproj/argo-cd/v2/pkg/apiclient/repository"
@@ -37,6 +38,7 @@ type ServerInterface struct {
 	ApplicationSetClient applicationset.ApplicationSetServiceClient
 	CertificateClient    certificate.CertificateServiceClient
 	ClusterClient        cluster.ClusterServiceClient
+	GPGKeysClient        gpgkey.GPGKeyServiceClient
 	ProjectClient        project.ProjectServiceClient
 	RepoCredsClient      repocreds.RepoCredsServiceClient
 	RepositoryClient     repository.RepositoryServiceClient
@@ -101,6 +103,11 @@ func (si *ServerInterface) InitClients(ctx context.Context) diag.Diagnostics {
 		diags.Append(diagnostics.Error("failed to initialize cluster client", err)...)
 	}
 
+	_, si.GPGKeysClient, err = ac.NewGPGKeyClient()
+	if err != nil {
+		diags.Append(diagnostics.Error("failed to initialize GPG keys client", err)...)
+	}
+
 	_, si.ProjectClient, err = ac.NewProjectClient()
 	if err != nil {
 		diags.Append(diagnostics.Error("failed to initialize project client", err)...)
diff --git a/internal/sync/mutex.go b/internal/sync/mutex.go
new file mode 100644
index 00000000..eb24f6db
--- /dev/null
+++ b/internal/sync/mutex.go
@@ -0,0 +1,7 @@
+package sync
+
+import "sync"
+
+// GPGKeysMutex is used to handle concurrent access to ArgoCD GPG keys which are
+// stored in the `argocd-gpg-keys-cm` ConfigMap resource
+var GPGKeysMutex = &sync.RWMutex{}
diff --git a/internal/types/pgp_public_key.go b/internal/types/pgp_public_key.go
new file mode 100644
index 00000000..070aef31
--- /dev/null
+++ b/internal/types/pgp_public_key.go
@@ -0,0 +1,285 @@
+package types
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/ProtonMail/gopenpgp/v2/crypto"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/attr/xattr"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+)
+
+type pgpPublicKeyType uint8
+
+const (
+	PGPPublicKeyType pgpPublicKeyType = iota
+)
+
+var (
+	_ xattr.TypeWithValidate  = PGPPublicKeyType
+	_ basetypes.StringTypable = PGPPublicKeyType
+
+	_ basetypes.StringValuable                   = PGPPublicKey{}
+	_ basetypes.StringValuableWithSemanticEquals = PGPPublicKey{}
+)
+
+// TerraformType returns the tftypes.Type that should be used to represent this
+// framework type.
+func (t pgpPublicKeyType) TerraformType(_ context.Context) tftypes.Type {
+	return tftypes.String
+}
+
+// ValueFromString returns a StringValuable type given a StringValue.
+func (t pgpPublicKeyType) ValueFromString(_ context.Context, in types.String) (basetypes.StringValuable, diag.Diagnostics) {
+	if in.IsUnknown() {
+		return PGPPublicKeyUnknown(), nil
+	}
+
+	if in.IsNull() {
+		return PGPPublicKeyNull(), nil
+	}
+
+	return PGPPublicKey{
+		state: attr.ValueStateKnown,
+		value: in.ValueString(),
+	}, nil
+}
+
+// ValueFromTerraform returns a Value given a tftypes.Value.  This is meant to
+// convert the tftypes.Value into a more convenient Go type for the provider to
+// consume the data with.
+func (t pgpPublicKeyType) ValueFromTerraform(_ context.Context, in tftypes.Value) (attr.Value, error) {
+	if !in.IsKnown() {
+		return PGPPublicKeyUnknown(), nil
+	}
+
+	if in.IsNull() {
+		return PGPPublicKeyNull(), nil
+	}
+
+	var s string
+	err := in.As(&s)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return PGPPublicKey{
+		state: attr.ValueStateKnown,
+		value: s,
+	}, nil
+}
+
+// ValueType returns the Value type.
+func (t pgpPublicKeyType) ValueType(context.Context) attr.Value {
+	return PGPPublicKey{}
+}
+
+// Equal returns true if `o` is also a PGPPublicKeyType.
+func (t pgpPublicKeyType) Equal(o attr.Type) bool {
+	_, ok := o.(pgpPublicKeyType)
+	return ok
+}
+
+// ApplyTerraform5AttributePathStep applies the given AttributePathStep to the
+// type.
+func (t pgpPublicKeyType) ApplyTerraform5AttributePathStep(step tftypes.AttributePathStep) (interface{}, error) {
+	return nil, fmt.Errorf("cannot apply AttributePathStep %T to %s", step, t.String())
+}
+
+// String returns a human-friendly description of the PGPPublicKeyType.
+func (t pgpPublicKeyType) String() string {
+	return "types.PGPPublicKeyType"
+}
+
+// Validate implements type validation.
+func (t pgpPublicKeyType) Validate(ctx context.Context, in tftypes.Value, path path.Path) diag.Diagnostics {
+	var diags diag.Diagnostics
+
+	if !in.Type().Is(tftypes.String) {
+		diags.AddAttributeError(
+			path,
+			"PGPPublicKey Type Validation Error",
+			"An unexpected error was encountered trying to validate an attribute value. This is always an error in the provider. Please report the following to the provider developer:\n\n"+
+				fmt.Sprintf("Expected String value, received %T with value: %v", in, in),
+		)
+
+		return diags
+	}
+
+	if !in.IsKnown() || in.IsNull() {
+		return diags
+	}
+
+	var value string
+
+	err := in.As(&value)
+	if err != nil {
+		diags.AddAttributeError(
+			path,
+			"PGPPublicKey Type Validation Error",
+			"An unexpected error was encountered trying to validate an attribute value. This is always an error in the provider. Please report the following to the provider developer:\n\n"+
+				fmt.Sprintf("Error: %s", err),
+		)
+
+		return diags
+	}
+
+	_, err = crypto.NewKeyFromArmored(value)
+	if err != nil {
+		diags.AddAttributeError(
+			path,
+			"Invalid PGP Public Key",
+			err.Error())
+
+		return diags
+	}
+
+	return diags
+}
+
+func (t pgpPublicKeyType) Description() string {
+	return `PGP Public key in ASCII-armor base64 encoded format.`
+}
+
+func PGPPublicKeyNull() PGPPublicKey {
+	return PGPPublicKey{
+		state: attr.ValueStateNull,
+	}
+}
+
+func PGPPublicKeyUnknown() PGPPublicKey {
+	return PGPPublicKey{
+		state: attr.ValueStateUnknown,
+	}
+}
+
+func PGPPublicKeyValue(value string) PGPPublicKey {
+	return PGPPublicKey{
+		state: attr.ValueStateKnown,
+		value: value,
+	}
+}
+
+type PGPPublicKey struct {
+	// state represents whether the value is null, unknown, or known. The
+	// zero-value is null.
+	state attr.ValueState
+
+	// value contains the original string representation.
+	value string
+}
+
+// Type returns a PGPPublicKeyType.
+func (k PGPPublicKey) Type(_ context.Context) attr.Type {
+	return PGPPublicKeyType
+}
+
+// ToStringValue should convert the value type to a String.
+func (k PGPPublicKey) ToStringValue(ctx context.Context) (types.String, diag.Diagnostics) {
+	switch k.state {
+	case attr.ValueStateKnown:
+		return types.StringValue(k.value), nil
+	case attr.ValueStateNull:
+		return types.StringNull(), nil
+	case attr.ValueStateUnknown:
+		return types.StringUnknown(), nil
+	default:
+		return types.StringUnknown(), diag.Diagnostics{
+			diag.NewErrorDiagnostic(fmt.Sprintf("unhandled PGPPublicKey state in ToStringValue: %s", k.state), ""),
+		}
+	}
+}
+
+// ToTerraformValue returns the data contained in the *String as a string. If
+// Unknown is true, it returns a tftypes.UnknownValue. If Null is true, it
+// returns nil.
+func (k PGPPublicKey) ToTerraformValue(ctx context.Context) (tftypes.Value, error) {
+	t := PGPPublicKeyType.TerraformType(ctx)
+
+	switch k.state {
+	case attr.ValueStateKnown:
+		if err := tftypes.ValidateValue(t, k.value); err != nil {
+			return tftypes.NewValue(t, tftypes.UnknownValue), err
+		}
+
+		return tftypes.NewValue(t, k.value), nil
+	case attr.ValueStateNull:
+		return tftypes.NewValue(t, nil), nil
+	case attr.ValueStateUnknown:
+		return tftypes.NewValue(t, tftypes.UnknownValue), nil
+	default:
+		return tftypes.NewValue(t, tftypes.UnknownValue), fmt.Errorf("unhandled PGPPublicKey state in ToTerraformValue: %s", k.state)
+	}
+}
+
+// Equal returns true if `other` is a *PGPPublicKey and has the same value as `d`.
+func (k PGPPublicKey) Equal(other attr.Value) bool {
+	o, ok := other.(PGPPublicKey)
+
+	if !ok {
+		return false
+	}
+
+	if k.state != o.state {
+		return false
+	}
+
+	if k.state != attr.ValueStateKnown {
+		return true
+	}
+
+	return k.value == o.value
+}
+
+// IsNull returns true if the Value is not set, or is explicitly set to null.
+func (k PGPPublicKey) IsNull() bool {
+	return k.state == attr.ValueStateNull
+}
+
+// IsUnknown returns true if the Value is not yet known.
+func (k PGPPublicKey) IsUnknown() bool {
+	return k.state == attr.ValueStateUnknown
+}
+
+// String returns a summary representation of either the underlying Value,
+// or UnknownValueString (`<unknown>`) when IsUnknown() returns true,
+// or NullValueString (`<null>`) when IsNull() return true.
+//
+// This is an intentionally lossy representation, that are best suited for
+// logging and error reporting, as they are not protected by
+// compatibility guarantees within the framework.
+func (k PGPPublicKey) String() string {
+	if k.IsUnknown() {
+		return attr.UnknownValueString
+	}
+
+	if k.IsNull() {
+		return attr.NullValueString
+	}
+
+	return k.value
+}
+
+// ValuePGPPublicKey returns the known string value. If PGPPublicKey is null or unknown, returns "".
+func (k PGPPublicKey) ValuePGPPublicKey() string {
+	return k.value
+}
+
+// StringSemanticEquals should return true if the given value is
+// semantically equal to the current value. This logic is used to prevent
+// Terraform data consistency errors and resource drift where a value change
+// may have inconsequential differences, such as spacing character removal
+// in JSON formatted strings.
+//
+// Only known values are compared with this method as changing a value's
+// state implicitly represents a different value.
+func (k PGPPublicKey) StringSemanticEquals(ctx context.Context, other basetypes.StringValuable) (bool, diag.Diagnostics) {
+	return strings.TrimSpace(k.value) == strings.TrimSpace(other.String()), nil
+}
diff --git a/manifests/local-dev/gpg-key.tf b/manifests/local-dev/gpg-key.tf
new file mode 100644
index 00000000..c48e0586
--- /dev/null
+++ b/manifests/local-dev/gpg-key.tf
@@ -0,0 +1,33 @@
+resource "argocd_gpg_key" "this" {
+  public_key = <<EOF
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGSJdlcBEACnza+KvWLyKWUHJPhgs//HRL0EEmA/EcFKioBlrgPNYf/O7hNg
+KT3NDaNrD26pr+bOb4mfaqNNS9no8b9EP3C7Co3Wf2d4xpJ5/hlpIm3V652S5daZ
+I7ylVT8QOrhaqEnHH2hEcOfDaqjrYfrx3qiI8v7DmV6jfGi1tDUUgfJwiOyZk4q1
+jiPo5k4+XNp9mCtUAGyidLFcUqQ9XbHKgBwgAoxtIKNSbdPCGhsjgTHHhzswMH/Z
+DhhtcraqrfOhoP9lI4/zyCS+B9OfUy7BS/1SqWKIgdsjFIR+zHIOI69lh77+ZAVE
+MVYJBdFke5/g/tTPaQGuBqaIJ3d/Mi/ZlbTsoBcq5qam73uh7fcgBV5la6NeuNcR
+tvKMVl4DlnkJS8LBtElLEeHEylTCdNltrUFwshDKDBtq6ilTKCK14R6g4lkn8VcE
+9xx7Mhdh77tp66FRZ6ge1E8EUEFwEeFhp240KRyaA5U1/kAarn8083zZ7d4+QObp
+L4KMqgrwLaxyPLgu0J/f946qLewV7XsbZRXE1jQa9Z7W5TEoJwjcC79DXe1wChc6
+cBfCtluDsnklwvldpKTEZU0q/hKE6Zt7NjLUyExV+5guoHllxoVxx7sh+jtKm/J+
+5gh+B3xOTDxRV2XYIx1TM6U1iLxAqchzFec8dfkuTbs/5f++PrddvZfiUQARAQAB
+tD1BcmdvQ0QgVGVycmFmb3JtIFByb3ZpZGVyIDxmYWtldXNlckB1c2Vycy5ub3Jl
+cGx5LmdpdGh1Yi5jb20+iQJOBBMBCgA4FiEEvK9bNlncXDhFAk6kmtkpVUAdOI0F
+AmSJdlcCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQmtkpVUAdOI2FdA//
+YuFYsX6SUVgI4l68ZHE34jLTWU5R2ujB6luErcguAlLyDtrD3melva3V/ETc69/1
+5o7Ayn3a7uz5lCEvUSLsCN+V2o3EjrA81pt8Zs+Z9WYeZE5F5DnKzq81PObdASB7
+Po2X0qLqqKIhpQxc/E7m26xmePCf82H36gtvPiEVmVA5yduk1lLG3aZtNIRCa4VK
+gmDjR8Se+OZeAw7JQCOeJB9/Y8oQ8nVkj1SWNIICaUwIXHtrj7r1z6XTDAEkGeBg
+HXW8IEhZDE1Nq3vQtZvgwftEoPT/Ff+8DwvL1JUov2ObQDolallzKaiiVfGZhPJZ
+4PMtEPEmSL9QWJAG5jiBVC3BdVZtXBNkC1HqTCXwZc/wzp5O9MmMXmCrUFr4FfHu
+IZ560MNpp/SrtUrOahLmvuG0B+Ze96e2nm5ap5wkCDaQouOIqM7Lj+FGq64cu2B/
+oSsl7joBZQUYXv8meNOQssm6jArRLG2oFoiEdRqzd2/RjvvJliLN9OCNvV43f38h
+8Ep8RDi9RiHhSKvwrvDD9x/JRm6zQUetjrctmjdIYp8k129LrD0Qr9ULXfphZdrv
+xga7/lyQLmukLu7Mxwp+ss2bY/wjT8mlT5P55kBpXXyYILhLsUESCHG6D8/Ov+vv
+OoZS+BSfe/0vc1aTfDKxj5wAx27a6z5o25X27feEl3U=
+=kqkH
+-----END PGP PUBLIC KEY BLOCK-----
+EOF
+}