diff --git a/.scripts/actions/install_helm.sh b/.scripts/actions/install_helm.sh
index b1f667d..dd3c539 100755
--- a/.scripts/actions/install_helm.sh
+++ b/.scripts/actions/install_helm.sh
@@ -7,14 +7,17 @@ PLATFORM=$("$GITHUB_ACTION_PATH/../.scripts/actions/get_platform.sh")
 ARCH=$("$GITHUB_ACTION_PATH/../.scripts/actions/get_architecture.sh")
 
 FILENAME="helm-${HELM_VERSION}-${PLATFORM}-${ARCH}.tar.gz"
+VERIFY_SIGNATURE="${VERIFY_SIGNATURE:-true}"
 
 echo "::group::Install helm"
 mkdir /tmp/helm
 curl -fsSL -o /tmp/helm/helm.tar.gz "https://get.helm.sh/${FILENAME}"
-curl -fsSL -o /tmp/helm/helm.tar.gz.asc "https://github.com/helm/helm/releases/download/${HELM_VERSION}/${FILENAME}.asc"
 
-curl https://keybase.io/mattfarina/pgp_keys.asc | gpg --import
-gpg --verify /tmp/helm/helm.tar.gz.asc /tmp/helm/helm.tar.gz
+if [[ "$VERIFY_SIGNATURE" == "true" ]]; then
+  curl -fsSL -o /tmp/helm/helm.tar.gz.asc "https://github.com/helm/helm/releases/download/${HELM_VERSION}/${FILENAME}.asc"
+  curl https://keybase.io/mattfarina/pgp_keys.asc | gpg --import
+  gpg --verify /tmp/helm/helm.tar.gz.asc /tmp/helm/helm.tar.gz
+fi
 
 tar --directory="/tmp/helm" --strip-components=1 -zxvf /tmp/helm/helm.tar.gz "${PLATFORM}-${ARCH}"
 # Overwrite the existing binary
diff --git a/setup-k8s-tools/action.yaml b/setup-k8s-tools/action.yaml
index c578360..f6e262c 100644
--- a/setup-k8s-tools/action.yaml
+++ b/setup-k8s-tools/action.yaml
@@ -35,5 +35,7 @@ runs:
       env:
         HELM_VERSION: ${{ inputs.helm-version }}
         GITHUB_DEBUG: ${{ runner.debug }}
+        # The signature is expired since a couple of years...
+        VERIFY_SIGNATURE: "false"
       shell: bash
       run: "$GITHUB_ACTION_PATH/../.scripts/actions/install_helm.sh"