diff --git a/cli/repo/repo_update.go b/cli/repo/repo_update.go
index 2babd8cc2..ebf575f1d 100644
--- a/cli/repo/repo_update.go
+++ b/cli/repo/repo_update.go
@@ -32,8 +32,21 @@ var repoUpdateCmd = &cli.Command{
 	Action:    repoUpdate,
 	Flags: []cli.Flag{
 		&cli.BoolFlag{
-			Name:  "trusted",
-			Usage: "repository is trusted",
+			Name:  "trusted-security",
+			Usage: "repository is security trusted",
+		},
+		&cli.BoolFlag{
+			Name:  "trusted-volumes",
+			Usage: "repository is volumes trusted",
+		},
+		&cli.BoolFlag{
+			Name:  "trusted-network",
+			Usage: "repository is network trusted",
+		},
+		&cli.BoolFlag{
+			Name:   "trusted", // TODO: remove in next release
+			Usage:  "repository is trusted",
+			Hidden: true,
 		},
 		&cli.BoolFlag{
 			Name:   "gated", // TODO: remove in next release
@@ -81,15 +94,36 @@ func repoUpdate(ctx context.Context, c *cli.Command) error {
 		visibility      = c.String("visibility")
 		config          = c.String("config")
 		timeout         = c.Duration("timeout")
-		trusted         = c.Bool("trusted")
 		requireApproval = c.String("require-approval")
 		pipelineCounter = c.Int("pipeline-counter")
 		unsafe          = c.Bool("unsafe")
 	)
 
 	patch := new(woodpecker.RepoPatch)
+	// TODO remove in next release
 	if c.IsSet("trusted") {
-		patch.IsTrusted = &trusted
+		trusted := c.Bool("trusted")
+		patch.Trusted = &woodpecker.TrustedConfigurationPatch{
+			Network:  &trusted,
+			Security: &trusted,
+			Volumes:  &trusted,
+		}
+	}
+	if c.IsSet("trusted-security") || c.IsSet("trusted-network") || c.IsSet("trusted-volumes") {
+		patch.Trusted = new(woodpecker.TrustedConfigurationPatch)
+
+		if c.IsSet("trusted-security") {
+			t := c.Bool("trusted-security")
+			patch.Trusted.Security = &t
+		}
+		if c.IsSet("trusted-network") {
+			t := c.Bool("trusted-network")
+			patch.Trusted.Security = &t
+		}
+		if c.IsSet("trusted-volumes") {
+			t := c.Bool("trusted-volumes")
+			patch.Trusted.Security = &t
+		}
 	}
 
 	// TODO: remove in next release
diff --git a/woodpecker-go/woodpecker/types.go b/woodpecker-go/woodpecker/types.go
index 98fa6aa97..b4e26a54a 100644
--- a/woodpecker-go/woodpecker/types.go
+++ b/woodpecker-go/woodpecker/types.go
@@ -78,15 +78,23 @@ type (
 		NetrcTrustedPlugins          []string             `json:"netrc_trusted"`
 	}
 
+	TrustedConfigurationPatch struct {
+		Network  *bool `json:"network"`
+		Volumes  *bool `json:"volumes"`
+		Security *bool `json:"security"`
+	}
+
 	// RepoPatch defines a repository patch request.
 	RepoPatch struct {
-		Config          *string       `json:"config_file,omitempty"`
-		IsTrusted       *bool         `json:"trusted,omitempty"`
-		RequireApproval *ApprovalMode `json:"require_approval,omitempty"`
-		Timeout         *int64        `json:"timeout,omitempty"`
-		Visibility      *string       `json:"visibility"`
-		AllowPull       *bool         `json:"allow_pr,omitempty"`
-		PipelineCounter *int          `json:"pipeline_counter,omitempty"`
+		Config *string `json:"config_file,omitempty"`
+		// Deprecated: use Trusted (broken - only exists for backwards compatibility)
+		IsTrusted       *bool                      `json:"-,omitempty"`
+		Trusted         *TrustedConfigurationPatch `json:"trusted,omitempty"`
+		RequireApproval *ApprovalMode              `json:"require_approval,omitempty"`
+		Timeout         *int64                     `json:"timeout,omitempty"`
+		Visibility      *string                    `json:"visibility"`
+		AllowPull       *bool                      `json:"allow_pr,omitempty"`
+		PipelineCounter *int                       `json:"pipeline_counter,omitempty"`
 	}
 
 	PipelineError struct {