diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 0000000..9a4e212
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1 @@
+recursive-include signatures *
\ No newline at end of file
diff --git a/badges.py b/badges.py
index ce8e01b..2047be4 100644
--- a/badges.py
+++ b/badges.py
@@ -2,6 +2,7 @@
 from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
 from cryptography.exceptions import InvalidSignature
 import json
+import pkg_resources as pkgrs
 
 @click.command() 
 @click.option('-b','--badge-name',help="name of the badge formated like type.YYYY-MM-DD")
@@ -21,7 +22,9 @@ def verify_badge(badge_name,approver,signature):
     # read public key for the approver
     # TODO: fix this to read from installed package data
     # TODO: make install save the file 
-    with open(approver,'rb') as f:
+    approver_rel = os.path.join('signatures', approver)
+    approver_key_file = pkgrs.resource_filename(__name__,approver_rel)
+    with open(approver_key_file, 'rb') as f:
         public_bytes = f.read() # read file
 
     signer_key = Ed25519PublicKey.from_public_bytes(public_bytes)
diff --git a/setup.py b/setup.py
index 192b110..808c424 100644
--- a/setup.py
+++ b/setup.py
@@ -19,4 +19,7 @@
             'verifyjson = badges:process_badges'
         ],
     },
+
+    zip_safe=False,
+    include_package_data=True,
 )