diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 420ee32..42c430e 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,6 +11,9 @@ jobs:
 permissions:
 contents: write # Required for creating the GitHub release
 packages: write # Required for pushing to GitHub Container Registry
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
 steps:
 - name: 🛑 Cancel Previous Runs
 uses: styfle/cancel-workflow-action@0.9.1
@@ -62,6 +65,7 @@ jobs:
 username: ${{ github.repository_owner }}
 password: ${{ secrets.PAT }} # `PAT` is a secret that contains your Personal Access Token with `write:packages` scope
 - name: Build and push Gimlet image
+ id: build-and-push
 uses: docker/build-push-action@v4.2.1
 with:
 context: .
@@ -80,3 +84,11 @@ jobs:
 --source=${{ github.repositoryUrl }} \
 --revision="${{ github.ref_name }}@sha1:${{ github.sha }}" \
 --annotations='org.opencontainers.image.description=Capacitor install manifests for Flux'
+ - name: Install cosign
+ uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+ with:
+ cosign-release: 'v2.1.1'
+ - name: Sign oci artifacts
+ run: |
+ # keyless mode
+ cosign sign ghcr.io/gimlet-io/capacitor-manifests:${{ steps.version.outputs.version }} -y
diff --git a/README.md b/README.md
index 4d0e603..7bedf6d 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,11 @@ spec:
 url: oci://ghcr.io/gimlet-io/capacitor-manifests
 ref:
 semver: ">=0.1.0"
+ verify:
+ provider: cosign
+ matchOIDCIdentity:
+ - issuer: "https://token.actions.githubusercontent.com"
+ subject: "^https://github.com/gimlet-io/capacitor.*$"
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
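Review bot: The new `id: build-and-push` on the "Build and push Gimlet image" step is not referenced anywhere in this diff — the signing step added later signs `capacitor-manifests` by tag through `steps.version`, and nothing reads `steps.build-and-push.outputs.digest`. If the intent is to also sign the Gimlet image, the digest output of docker/build-push-action is the value to sign, e.g. `cosign sign <IMAGE_REF>@${{ steps.build-and-push.outputs.digest }} -y` with `<IMAGE_REF>` being the image reference used in the step's `tags:` (outside the hunk); otherwise the id is dead and should be dropped or its purpose stated in a comment. The step's `with:` block continues outside the hunk, so a use of the id there cannot be ruled out from this view.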
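Review bot: `cosign sign` is given the mutable tag `ghcr.io/gimlet-io/capacitor-manifests:${{ steps.version.outputs.version }}`, so it signs whatever digest that tag resolves to at sign time rather than the artifact the preceding push step just uploaded; cosign warns about exactly this, and the robust form is to sign by digest, `cosign sign ghcr.io/gimlet-io/capacitor-manifests@<DIGEST_FROM_PUSH_STEP> --yes`, capturing the digest from the push step's output (that step's command starts outside the hunk, and the `version` step is not in the diff at all). The script also interpolates `${{ steps.version.outputs.version }}` directly into `run:`; passing it through the step's `env:` (`env:` / `VERSION: ${{ steps.version.outputs.version }}`) and using `"$VERSION"` in the command keeps the shell from ever seeing the raw expansion. The SHA-pinned `sigstore/cosign-installer` with the `#v3.1.1` comment is the right pattern; spelling `-y` as `--yes` would make the non-interactive intent obvious to the next reader.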
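Review bot: The `subject` pattern `^https://github.com/gimlet-io/capacitor.*$` is broader than it looks: the unescaped `.*` immediately after `capacitor` also matches any other repository under `gimlet-io` whose name starts with `capacitor`, and any workflow and any ref inside the repository, not only the publishing workflow on a release tag. The identity a GitHub Actions keyless signature carries is the workflow ref, of the form `https://github.com/<org>/<repo>/<workflow path>@<ref>`, so a pattern such as `subject: "^https://github.com/gimlet-io/capacitor/\\.github/workflows/publish\\.yml@refs/tags/.*$"` pins verification to the signing workflow and tagged releases only. The `issuer` value is correct for GitHub Actions.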