diff --git a/.github/workflows/release-signing.yaml b/.github/workflows/release-signing.yaml
new file mode 100644
index 000000000..4956b577f
--- /dev/null
+++ b/.github/workflows/release-signing.yaml
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2026 Contributors to the OpenSTEF project
+# SPDX-License-Identifier: MPL-2.0
+
+name: Sign Release Artifacts
+
+on:
+ release:
+ types: [published]
+
+permissions: {}
+
+jobs:
+ sign-release:
+ name: Sign release artifacts with Sigstore
+ runs-on: ubuntu-latest
+ if: ${{ startsWith(github.ref, 'refs/tags/v4.') }}
+
+ permissions:
+ # Needed to mint an OIDC token for Sigstore
+ id-token: write
+ # Needed to upload signing artifacts to the GitHub Release
+ contents: write
+
+ steps:
+ - name: Sign all release artifacts
+ uses: sigstore/gh-action-sigstore-python@v3.2.0
+ with:
+ release-signing-artifacts: true
diff --git a/.github/workflows/release-v4.yaml b/.github/workflows/release-v4.yaml
index 12c5ab5c9..207036a9b 100644
--- a/.github/workflows/release-v4.yaml
+++ b/.github/workflows/release-v4.yaml
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2025 Contributors to the OpenSTEF project
+# SPDX-FileCopyrightText: 2026 Contributors to the OpenSTEF project
 # SPDX-License-Identifier: MPL-2.0
 
 name: Release V4
@@ -79,5 +79,10 @@ jobs:
 run: poe build
 - name: Publish packages
 run: uv publish --trusted-publishing always
+ - name: Upload release assets
+ if: github.event_name == 'release'
+ uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v2.2.2
+ with:
+ files: dist/*
 - name: Summary
 run: echo "Published version ${{ steps.ver.outputs.version }}"
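Review bot: `uses: sigstore/gh-action-sigstore-python@v3.2.0` is pinned to a mutable tag while the job holds `id-token: write` and `contents: write`; the same commit pins `softprops/action-gh-release` in release-v4.yaml to a full commit SHA with a version comment, so this line should follow that convention, e.g. `uses: sigstore/gh-action-sigstore-python@<COMMIT_SHA_OF_v3.2.0>  # v3.2.0`. A tag can be moved after the fact, and an action that mints the OIDC token used for Sigstore signing and writes to the GitHub Release is exactly the step where an immutable pin matters. Separately, this workflow and the new `Upload release assets` step in release-v4.yaml both appear to fire on the published release, so the signing job may run before `dist/*` has been attached and sign only whatever assets exist at that moment; if that ordering is not guaranteed elsewhere, consider triggering this workflow via `workflow_run` on completion of Release V4, or moving the signing step into release-v4.yaml after the upload step.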
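Review bot: The added `Upload release assets` step needs `contents: write` on the job, and the job's `permissions` block lies outside this hunk, so verify it grants more than the `id-token: write` that `uv publish --trusted-publishing` requires; otherwise the step fails after the package has already been published. Because the upload runs after `uv publish`, a failure here leaves PyPI updated but the GitHub Release without `dist/*`, which the new signing workflow then has nothing to sign; a comment such as `# runs after publish: a failure here leaves the release without assets to sign` on the step, or uploading before publishing, would make that trade-off explicit. The commit-SHA pin with the `# v2.2.2` comment on the `uses:` line is the right form and the sigstore workflow added in this commit should match it. The enclosing job starts before this hunk.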