using this repo:

[passbolt-server]
name=Passbolt Server
baseurl=https://download.passbolt.com/ce/rpm/opensuse/stable
enabled=1
gpgcheck=1
gpgkey=https://download.passbolt.com/pub.key


leads to

# zypper ref
Refreshing service 'container-suseconnect-zypp'.
Repository 'SLE_BCI' is up to date.                                                                                                                                    
Looking for gpg key ID C155581D in cache /var/cache/zypp/pubkeys.
Looking for gpg key ID C155581D in repository Passbolt Server.
  gpgkey=https://download.passbolt.com/pub.key
Warning: File 'repomd.xml' from repository 'Passbolt Server' is signed with an unknown key 'DE8B853FC155581D'.

    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
    whole repo.

    Warning: We can't verify that no one meddled with this file, so it might not be trustworthy
    anymore! You should not continue unless you know it's safe.

File 'repomd.xml' from repository 'Passbolt Server' is signed with an unknown key 'DE8B853FC155581D'.
Continue? [yes/no] (no): no

so there is no https:// url support in the gpgkey? this seems to be working in other distros (yum, dnf)