diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index 1b3cb6c5..98994f47 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -13,5 +13,5 @@
 # limitations under the License.
 docker:
   image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest
-  digest: sha256:ddf4551385d566771dc713090feb7b4c1164fb8a698fe52bbe7670b24236565b
-# created: 2023-06-27T13:04:21.96690344Z
+  digest: sha256:2d816f26f728ac8b24248741e7d4c461c09764ef9f7be3684d557c9632e46dbd
+# created: 2023-06-28T17:03:33.371210701Z
diff --git a/.kokoro/release/common.cfg b/.kokoro/release/common.cfg
index 764da078..ac0d62eb 100644
--- a/.kokoro/release/common.cfg
+++ b/.kokoro/release/common.cfg
@@ -38,3 +38,12 @@ env_vars: {
   key: "SECRET_MANAGER_KEYS"
   value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
 }
+
+# Store the packages we uploaded to PyPI.  That way, we have a record of exactly
+# what we published, which we can use to generate SBOMs and attestations.
+action {
+  define_artifacts {
+    regex: "github/python-iot/**/*.tar.gz"
+    strip_prefix: "github/python-iot"
+  }
+}
diff --git a/noxfile.py b/noxfile.py
index 6b57c246..7d411fea 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -379,6 +379,7 @@ def prerelease_deps(session):
         "grpcio!=1.52.0rc1",
         "grpcio-status",
         "google-api-core",
+        "google-auth",
         "proto-plus",
         "google-cloud-testutils",
         # dependencies of google-cloud-testutils"
@@ -391,7 +392,6 @@ def prerelease_deps(session):
     # Remaining dependencies
     other_deps = [
         "requests",
-        "google-auth",
     ]
     session.install(*other_deps)