diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 65af50f48..05338d112 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,6 +25,13 @@ jobs:
         with:
           go-version: 1.20.6
 
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.GPG_PASSPHRASE }}
+
       - name: Building static assets
         run: (cd web/client && yarn install --immutable && yarn build)
 
@@ -38,6 +45,7 @@ jobs:
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
   docker:
     runs-on: ubuntu-latest
     if: contains(toJson(github.event.commits), '[action]') == false
diff --git a/.goreleaser.yml b/.goreleaser.yml
index d1bfa08f5..a22d128b0 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -2,6 +2,10 @@ before:
   hooks:
     - go generate ./...
     - go mod download
+signs:
+  - artifacts: checksum
+    args: ["--batch", "-u", "{{ .Env.GPG_FINGERPRINT }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    signature: "${artifact}.gpg"
 builds:
 - env:
   - CGO_ENABLED=0