diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
index 241005b..a0d9e1c 100644
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -1,7 +1,8 @@
 name: Build and Publish
 on:
 workflow_dispatch
-
+permissions:
+ id-token: write
 jobs:
 build-and-publish:
 name: Build & Upload Package
@@ -19,5 +20,13 @@ jobs:
 pip install --no-cache-dir "poetry==1.7.1"
 - name: build
 run: poetry build
- - name: publish
- run: poetry publish
+ - name: Publish to PyPi
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ verbose: true
+ print-hash: true
+ - name: Sign published artifacts
+ uses: sigstore/gh-action-sigstore-python@v2.1.0
+ with:
+ inputs: ./dist/*.tar.gz ./dist/*.whl
+ release-signing-artifacts: true
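Review bot: `id-token: write` is granted at workflow level, so every step of `build-and-publish` runs in a job that can request an OIDC token, including the `pip install` of Poetry and `poetry build` in the second hunk, which execute third-party code. The publish step passes no password, so that token is presumably what PyPI trusted publishing accepts. Consider scoping the permission to a dedicated publish job that only receives the built `dist/` files, and giving the build job `permissions:` with just `contents: read`. Declaring a `permissions:` block also sets every unlisted scope to none, so if a checkout step outside this hunk needs read access on a private repository, `contents: read` must be listed explicitly.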
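Review bot: Both new actions are referenced by mutable refs (`@release/v1` is a branch, `@v2.1.0` a tag) in a job that holds `id-token: write`, so a moved ref would run with the ability to publish and sign as this repository. Pin each to a full commit SHA and keep the version as a trailing comment, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`. Separately, `release-signing-artifacts: true` attaches signatures to the release that triggered the run, but this workflow starts only from `workflow_dispatch`, so as far as I can tell the option does nothing here. Unless a step outside this hunk uploads the generated signature files, they are discarded when the runner exits. If they are meant to be consumed, add an artifact upload step, or trigger on `release` and grant `contents: write` to the signing job.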