diff --git a/.circleci/config.yml b/.circleci/config.yml
index 1a1617ed407..b5c123bad58 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -426,7 +426,7 @@ jobs:
 command: './scripts/build/update_repo/update-deb.sh "oss" "$GPG_KEY_PASSWORD"'
 - run:
 name: Update RPM repository
- command: 'ls'
+ command: './scripts/build/update_repo/update-rpm.sh "oss" "$GPG_KEY_PASSWORD"'
 workflows:
 version: 2
diff --git a/scripts/build/update_repo/sign-repo.sh b/scripts/build/update_repo/sign-deb-repo.sh
similarity index 100%
rename from scripts/build/update_repo/sign-repo.sh
rename to scripts/build/update_repo/sign-deb-repo.sh
diff --git a/scripts/build/update_repo/sign-rpm-repo.sh b/scripts/build/update_repo/sign-rpm-repo.sh
new file mode 100755
index 00000000000..f7e80756127
--- /dev/null
+++ b/scripts/build/update_repo/sign-rpm-repo.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env expect
+
+set password [lindex $argv 0]
+spawn gpg --detach-sign --armor /rpm-repo/repodata/repomd.xml
+expect "Enter passphrase: "
+send -- "$password\r"
+expect eof
diff --git a/scripts/build/update_repo/update-deb.sh b/scripts/build/update_repo/update-deb.sh
index d1694f0fee0..f2eb2f0dfd3 100755
--- a/scripts/build/update_repo/update-deb.sh
+++ b/scripts/build/update_repo/update-deb.sh
@@ -29,7 +29,7 @@ aptly repo add grafana ./dist
 echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
 echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
-./scripts/build/update_repo/sign-repo.sh "$GPG_PASS"
+./scripts/build/update_repo/sign-deb-repo.sh "$GPG_PASS"
 # Update the repo and db on gcp
 gsutil -m rsync -r -d /deb-repo/db gs://grafana-aptly-db/repo-db
diff --git a/scripts/build/update_repo/update-rpm.sh b/scripts/build/update_repo/update-rpm.sh
index 212c4ba239e..ca943957fe4 100755
--- a/scripts/build/update_repo/update-rpm.sh
+++ b/scripts/build/update_repo/update-rpm.sh
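Review bot: The new `command:` line puts the signing passphrase on the command line, as the second argument `"$GPG_KEY_PASSWORD"`, and the same value is then passed on as an argument in update-rpm.sh and read from `$argv` in sign-rpm-repo.sh, both added in this commit. Process arguments can be read by anything on the build host that is able to list processes, and they are printed if shell tracing is ever switched on for these scripts. The variable appears to be available in the job's environment already, so the step could be `command: './scripts/build/update_repo/update-rpm.sh "oss"'` with the scripts reading `GPG_KEY_PASSWORD` from the environment instead. The deb step on the context line above follows the same pattern, and the job definition itself starts outside this hunk.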
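Review bot: sign-rpm-repo.sh reports success whatever gpg does, because the script ends on `expect eof` without collecting the child's exit status. If the `Enter passphrase: ` prompt never matches, `expect` times out, the passphrase is still sent and the script exits 0; update-rpm.sh runs under `set -e`, so it could go on to upload a repository whose `repomd.xml` signature is missing or stale. I would finish with `set result [wait]` and `exit [lindex $result 3]`, and make a timeout on the prompt fatal with `expect { "Enter passphrase: " {} timeout { exit 1 } }`. A header comment saying that argument 0 is the key passphrase and that the signed path `/rpm-repo/repodata/repomd.xml` is fixed would also help the next reader.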
@@ -1 +1,43 @@
-#!/usr/bin/env bash
\ No newline at end of file
+#!/usr/bin/env bash
+
+RELEASE_TYPE="${1:-}"
+GPG_PASS="${2:-}"
+
+if [ -z "$RELEASE_TYPE" -o -z "$GPG_PASS" ]; then
+ echo "Both RELEASE_TYPE (arg 1) and GPG_PASS (arg 2) has to be set"
+ exit 1
+fi
+
+set -e
+
+# Setup environment
+mkdir -p /rpm-repo
+
+# Download the database
+gsutil -m rsync -r "gs://grafana-repo/$RELEASE_TYPE/rpm" /rpm-repo
+
+# Add the new release to the repo
+cp ./dist/*.rpm /rpm-repo
+cd /rpm-repo
+createrepo .
+
+# Setup signing and sign the repo
+
+echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
+
+./scripts/build/update_repo/sign-rpm-repo.sh "$GPG_PASS"
+
+# Update the repo and db on gcp
+gsutil -m rsync -r -d /rpm-repo "gs://grafana-repo/$RELEASE_TYPE/rpm"
+
+# usage:
+# [grafana]
+# name=grafana
+# baseurl=https://grafana-repo.storage.googleapis.com/oss/rpm
+# repo_gpgcheck=1
+# enabled=1
+# gpgcheck=1
+# gpgkey=https://grafana-repo.storage.googleapis.com/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana
+# sslverify=1
+# sslcacert=/etc/pki/tls/certs/ca-bundle.crt# later:
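Review bot: The call to `./scripts/build/update_repo/sign-rpm-repo.sh` comes after `cd /rpm-repo`, so the relative path is resolved inside the repository directory rather than the checkout, and the signing script would normally not be found there. With `set -e` the script then stops before the upload, which fails closed but means the RPM repository is never published. Dropping the `cd` and running `createrepo /rpm-repo` keeps the working directory at the checkout. Separately, the two `echo ... > ~/.gnupg/...` lines assume `~/.gnupg` already exists and overwrite any gpg configuration already there; a comment such as `# CI container only: replaces the gpg config to allow loopback pinentry` would make that intent explicit.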