diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ff13d06..aa7ec07 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,4 +1,4 @@
-name: Create, publish container image
+name: Create, publish, sign and verify container image
 on:
 push:
@@ -10,7 +10,7 @@ env:
 jobs:
- build-push:
+ build-push-sign-verify:
 strategy:
 matrix:
 os: [ubuntu-latest]
@@ -50,13 +50,9 @@ jobs:
 uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- tags: |
- type=ref,event=branch
- type=ref,event=tag
- type=ref,event=pr
- type=sha
 - name: Build and push Docker image
+ id: build
 uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9
 with:
 context: .
@@ -70,13 +66,9 @@ jobs:
 uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-init
- tags: |
- type=ref,event=branch
- type=ref,event=tag
- type=ref,event=pr
- type=sha
 - name: Build and push Docker image (paralus-init)
+ id: build-init
 uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9
 with:
 context: .
@@ -91,13 +83,9 @@ jobs:
 uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175
 with:
 images: ${{ env.REGISTRY }}/paralusio/kratos-synchronizer
- tags: |
- type=ref,event=branch
- type=ref,event=tag
- type=ref,event=pr
- type=sha
 - name: Build and push Docker image (kratos-sync)
+ id: build-sync
 uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9
 with:
 context: .
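Review bot: Deleting the `tags:` blocks from the three metadata-action steps (this hunk and the two that follow it) changes which tags get published, because the action falls back to its default tag set and the `type=sha` tag is no longer produced. The verify step added later in this commit looks the images up by `${{ github.ref_name }}`, so it now depends on that default set containing a tag named after the ref; that holds for branch and tag pushes but not necessarily for every event the workflow handles, and the `on:` block is only partly visible here. If the narrowing is intended, a comment above each `with:` such as `# tags: metadata-action defaults; commit-specific sha tag intentionally dropped` would record the decision; otherwise keep `type=sha` so each build stays reachable by a commit-specific tag.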
@@ -105,4 +93,29 @@ jobs:
 platforms: linux/amd64,linux/arm64
 push: true
 tags: ${{ steps.meta-sync.outputs.tags }}
- labels: ${{ steps.meta-sync.outputs.labels }}
\ No newline at end of file
+ labels: ${{ steps.meta-sync.outputs.labels }}
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3.1.1
+
+ - name: Check Cosign
+ run: cosign version
+
+ - name: Sign Published Docker image using Cosign
+ run: |
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY \
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }} \
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-init@${{ steps.build-init.outputs.digest }} \
+ ${{ env.REGISTRY }}/paralusio/kratos-synchronizer@${{ steps.build-sync.outputs.digest }}
+ env:
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+
+ - name: Verify Cosign Signature
+ run: |
+ cosign verify --key env://COSIGN_PUBLIC_KEY \
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} \
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-init:${{ github.ref_name }} \
+ ${{ env.REGISTRY }}/paralusio/kratos-synchronizer:${{ github.ref_name }}
+ env:
+ COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
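Review bot: The verify step checks the images by the mutable tag `:${{ github.ref_name }}` while the sign step signed them by digest, so what gets verified is whatever that tag resolves to at run time rather than the three artifacts that were just signed; referencing the same digests, e.g. `${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}` and likewise with `steps.build-init.outputs.digest` and `steps.build-sync.outputs.digest`, makes the check exact and removes the dependency on a ref-named tag existing. `sigstore/cosign-installer@v3.1.1` is pinned to a movable tag whereas every other action in this workflow is pinned to a full commit SHA; pinning it the same way keeps the signing toolchain under the same supply-chain control as the build actions. Interpolating `${{ github.ref_name }}` straight into the `run:` script also places a ref name in the shell unquoted; if the tag-based form is kept, pass it in through `env:` and reference it as `"$REF_NAME"` instead.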