diff --git a/.github/workflows/release-to-pypi.yml b/.github/workflows/release-to-pypi.yml
index c6b88fb..2531b66 100644
--- a/.github/workflows/release-to-pypi.yml
+++ b/.github/workflows/release-to-pypi.yml
@@ -10,6 +10,11 @@ jobs:
   build:
     runs-on: ubuntu-24.04
 
+    permissions:
+      attestations: write
+      contents: read
+      id-token: write
+
     steps:
       - uses: actions/checkout@v4
 
@@ -27,6 +32,11 @@ jobs:
       - name: Build package
         run: poetry build
 
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: dist/*
+
       - name: Store release files
         uses: actions/upload-artifact@v4
         with: