diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..7ad4f09
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,33 @@
+name: Release
+on:
+  release:
+    types: [created]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    environment:
+      name: central
+      url: https://central.sonatype.com/artifact/nl.sanderdijkhuis/noise-kotlin
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # ratchet:actions/checkout@v3
+      - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # ratchet:actions/setup-java@v3
+        with:
+          distribution: zulu
+          java-version: 8
+      - uses: gradle/gradle-build-action@749f47bda3e44aa060e82d7b3ef7e40d953bd629 # ratchet:gradle/gradle-build-action@v2
+      - name: Import GPG key
+        run: echo "${{ secrets.OSSRH_GPG_SECRET_KEY }}" | gpg --batch --import
+      - name: Export GPG keyring
+        run: echo "${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}" | gpg --batch --yes --keyring secring.gpg --export-secret-keys --passphrase-fd 0 --pinentry-mode loopback > ~/.gnupg/secring.gpg
+      - name: Configure Gradle
+        run: |
+          mkdir -p ~/.gradle
+          touch ~/.gradle/gradle.properties
+          echo "mavenUsername=${{ vars.OSSRH_USER }}" >> ~/.gradle/gradle.properties
+          echo "mavenPassword=${{ secrets.OSSRH_PASSWORD }}" >> ~/.gradle/gradle.properties
+          echo "signing.keyId=${{ vars.OSSRH_GPG_KEY_ID }}" >> ~/.gradle/gradle.properties
+          echo "signing.password=${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}" >> ~/.gradle/gradle.properties
+          echo "signing.secretKeyRingFile=$HOME/.gnupg/secring.gpg" >> ~/.gradle/gradle.properties
+      - run: ./gradlew publish