diff --git a/infra/ansible/inventories/us-ny1/hosts.yml b/infra/ansible/inventories/us-ny1/hosts.yml
index 1ced38c..c4e52f1 100644
--- a/infra/ansible/inventories/us-ny1/hosts.yml
+++ b/infra/ansible/inventories/us-ny1/hosts.yml
@@ -13,6 +13,11 @@ all:
 zeitghost_domain: news.spiritwriter.ai
 # Bind-mount shard store to host for backup / rsync access
 zeitghost_host_shards: /home/frionode/.zeitghost/shards
+ # Fail-closed signing: ingest exits non-zero if no valid signing key
+ # is configured, rather than silently writing unsigned shards. Safe
+ # to arm now that ZEITGHOST_SIGNING_KEY is provisioned and verified
+ # signing in prod (signer 7c1d34f0…). See issue #6.
+ zeitghost_require_signing: 1
 vars:
 ansible_user: frionode
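Review bot: `zeitghost_require_signing: 1` on the last added line is an integer, and how it is consumed is not visible in this hunk; for a fail-closed switch, a value the role or the ingest process does not recognise would leave the old behaviour of silently writing unsigned shards in place. If the role tests it in a conditional, write `zeitghost_require_signing: true`; if it is rendered into an environment variable, quote it as `zeitghost_require_signing: "1"` so the rendered string is exactly what ingest checks for. The variable also appears to sit with the per-host settings above `vars:` (indentation is not recoverable here), so other hosts and inventories would stay fail-open unless it is also set at group level. The comment's "Safe to arm now …" sentence is a point-in-time rollout note that fits the commit message better; the comment could keep just the invariant, e.g. `# Fail-closed signing: ingest exits non-zero without a valid ZEITGHOST_SIGNING_KEY.`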