diff --git a/internal/config/config.go b/internal/config/config.go
index 430c1fba814c67780d11bb3a7d3c67633337f3c7..cd71ee9f35a6fb761655ebea18aea1eba1fd8fde 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -1,6 +1,8 @@
 package config
 
 import (
+	"strings"
+
 	"gopkg.in/yaml.v2"
 
 	"fmt"
@@ -28,7 +30,7 @@ type Config struct {
 type User struct {
 	Name        string   `yaml:"name"`
 	Admin       bool     `yaml:"admin"`
-	PublicKey   string   `yaml:"public-key"`
+	PublicKeys  []string `yaml:"public-keys"`
 	CollabRepos []string `yaml:"collab-repos"`
 }
 
@@ -64,7 +66,11 @@ func NewConfig(host string, port int, pk string, rs *git.RepoSource) (*Config, e
 	}
 	yamlConfig := fmt.Sprintf(defaultConfig, displayHost, port, anonAccess)
 	if pk != "" {
-		yamlUsers = fmt.Sprintf(hasKeyUserConfig, pk)
+		pks := ""
+		for _, key := range strings.Split(strings.TrimSpace(pk), "\n") {
+			pks += fmt.Sprintf("      - %s\n", key)
+		}
+		yamlUsers = fmt.Sprintf(hasKeyUserConfig, pks)
 	} else {
 		yamlUsers = defaultUserConfig
 	}
diff --git a/internal/config/defaults.go b/internal/config/defaults.go
index 9267293bed304b6c09d6db6d1b49e09c209d415b..70c28962234ae50e49aa219e2a882311264382e0 100644
--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
@@ -25,19 +25,19 @@ const hasKeyUserConfig = `
 users:
   - name: admin
     admin: true
-    public-key:
-      %s`
+    public-keys:
+%s`
 
 const defaultUserConfig = `
 # users:
 #   - name: admin
 #     admin: true
-#     public-key:
-#       KEY TEXT`
+#     public-keys:
+#       - KEY TEXT`
 
 const exampleUserConfig = `
 #   - name: Example User
 #     collab-repos:
 #       - REPO
-#     public-key:
-#       KEY TEXT`
+#     public-keys:
+#       - KEY TEXT`
diff --git a/internal/config/git.go b/internal/config/git.go
index 184dde11e1d84f0cf04dd5c3b462546c2195806d..35a9757da4c1f3ad3306f67070455d5dbd7a5ced 100644
--- a/internal/config/git.go
+++ b/internal/config/git.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"log"
+	"strings"
 
 	gm "github.com/charmbracelet/wish/git"
 	"github.com/gliderlabs/ssh"
@@ -43,22 +44,24 @@ func (cfg *Config) accessForKey(repo string, pk ssh.PublicKey) gm.AccessLevel {
 		private = true
 	}
 	for _, u := range cfg.Users {
-		apk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(u.PublicKey))
-		if err != nil {
-			log.Printf("error: malformed authorized key: '%s'", u.PublicKey)
-			return gm.NoAccess
-		}
-		if ssh.KeysEqual(pk, apk) {
-			if u.Admin {
-				return gm.AdminAccess
+		for _, k := range u.PublicKeys {
+			apk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(strings.TrimSpace(k)))
+			if err != nil {
+				log.Printf("error: malformed authorized key: '%s'", k)
+				return gm.NoAccess
 			}
-			for _, r := range u.CollabRepos {
-				if repo == r {
-					return gm.ReadWriteAccess
+			if ssh.KeysEqual(pk, apk) {
+				if u.Admin {
+					return gm.AdminAccess
+				}
+				for _, r := range u.CollabRepos {
+					if repo == r {
+						return gm.ReadWriteAccess
+					}
+				}
+				if !private {
+					return gm.ReadOnlyAccess
 				}
-			}
-			if !private {
-				return gm.ReadOnlyAccess
 			}
 		}
 	}