diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 5ec4252..9874769 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -34,6 +34,7 @@ env:
 
 jobs:
   build:
+    environment: production
     strategy:
       fail-fast: ${{ startsWith(github.ref, 'refs/tags/') || github.event.inputs.fail_fast == 'true' }}
       
@@ -140,6 +141,23 @@ jobs:
           path: |
             spotify-quickauth.exe
       
+      - name: Install rsign2
+        uses: taiki-e/install-action@v2
+        with:
+          tool: rsign2
+      
+      - name: Sign Archive
+        env:
+          ARCHIVE_PATH: ${{ env.ARCHIVE_DIR }}/${{ env.ARCHIVE }}
+        run: |
+          echo "{{ secrets.MINISIGN_KEY }}" > minisign.key
+          
+          ts=$(node -e 'console.log((new Date).toISOString())')
+          git=$(git rev-parse HEAD)
+          comment="gh=$GITHUB_REPOSITORY git=$git ts=$ts run=$GITHUB_RUN_ID"
+          
+          rsign sign -W -s minisign.key -x "${{ env.ARCHIVE_PATH }}.sig" -t "$comment" "${{ env.ARCHIVE_PATH }}"
+      
       - name: Upload Artifact
         if: ${{ !startsWith(github.ref, 'refs/tags/') }}
         uses: actions/upload-artifact@v4
@@ -155,6 +173,7 @@ jobs:
         with:
           files: |
             ${{ env.ARCHIVE_DIR }}/${{ env.ARCHIVE }}
+            ${{ env.ARCHIVE_DIR }}/${{ env.ARCHIVE }}.sig
           generate_release_notes: true
 
       - name: cargo login
diff --git a/Cargo.toml b/Cargo.toml
index 0f4397c..5922d10 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,6 +10,10 @@ repository = "https://github.com/Xevion/spotify-quickauth"
 license = "MIT OR Apache-2.0"
 readme = "CARGO_README.md"
 
+[package.metadata.binstall.signing]
+algorithm = "minisign"
+pubkey = "RWR4y+tYx6jem6tVD60RsR/P8fNm+KBT0b4wxTY0a4L/8cN3R85KXyPi"
+
 [dependencies]
 librespot-discovery = {  version = "0.4.2" }
 librespot-core = { version = "0.4.2" }