diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 614283131..af42db232 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -29,13 +29,17 @@ jobs:
         id: codesign
         env:
           VERSION: v0
+      -
+        name: Import PGP key for archive signing
+        run: echo -e "${{ secrets.PGP_SIGNING_KEY }}" | gpg --import
       -
         name: Release
         uses: goreleaser/goreleaser-action@v1
         with:
           version: latest
-          args: release --skip-sign
+          args: release
         env:
+          PGP_USER_ID: ${{ secrets.PGP_USER_ID }}
           CODESIGN_IMAGE: ${{ steps.codesign.outputs.image }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 9c66dac59..0b40f40e7 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -50,5 +50,10 @@ checksum:
   name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
   algorithm: sha256
 
+signs:
+  -
+    args: ["-u", "{{ .Env.PGP_USER_ID }}", "--output", "${signature}", "--detach-sign", "${artifact}"]
+    artifacts: checksum
+
 changelog:
   skip: true