diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
new file mode 100644
index 000000000..193db2b94
--- /dev/null
+++ b/.github/workflows/pypi.yml
@@ -0,0 +1,46 @@
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: detect-secrets-pypi
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+
+  tox: 
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        python: ['3.6', '3.7', '3.8', '3.9']
+    steps:
+    - uses: actions/checkout@v2
+    - uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python }}
+    - run: python -m pip install --upgrade setuptools pip tox virtualenv
+    # Run tox only for the installed py version on the runner as outlined in the python matrix
+    # Ensures the correct py version is installed and tested as opposed to 'tox' which attempts to run for all py versions in tox.ini
+    - run: tox -e py
+    - run: tox -e mypy
+
+  deploy:
+    # lets run tests before we push anything to pypi, much like we do internally
+    needs: tox
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.x'
+    # this will create a .tar.gz with all the code (i.e., an sdist)
+    - run: python setup.py sdist
+    # and finally, upload the above sdist to public PyPI
+    - uses: pypa/gh-action-pypi-publish@v1.5.0
+      with:
+        password: ${{ secrets.pypi_password }}
\ No newline at end of file