diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6895298..1c43bfb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,9 +7,10 @@ on:
 
 # Minimal permissions — only grant what's needed.
 permissions:
-  contents: write    # create GitHub releases & upload assets
-  id-token: write    # OIDC token for keyless cosign signing
-  packages: write    # push Docker images
+  contents: write       # create GitHub releases & upload assets
+  id-token: write       # OIDC token for keyless cosign signing
+  packages: write       # push Docker images
+  attestations: write   # generate build provenance attestations
 
 jobs:
   release:
@@ -59,3 +60,10 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
+
+      - name: Generate build provenance attestations
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
+        with:
+          subject-path: |
+            dist/*.tar.gz
+            dist/checksums.txt
diff --git a/README.md b/README.md
index d556047..459f97d 100644
--- a/README.md
+++ b/README.md
@@ -73,6 +73,16 @@ agent-vault server -d
 
 The server starts the HTTP API on port `14321` and a TLS-encrypted transparent HTTPS proxy on port `14322`. A web UI is available at `http://localhost:14321`.
 
+### Verifying downloaded release binaries
+
+Release archives published from this workflow ship with a build provenance attestation tied to the GitHub Actions run that produced them. Verify with the `gh` CLI (no extra tools, no key management):
+
+```bash
+gh attestation verify agent-vault_*.tar.gz --repo Infisical/agent-vault
+```
+
+`checksums.txt` is also covered by the same attestation, and its cosign signature continues to verify with `cosign verify-blob` for users who prefer that path.
+
 ## Quickstart
 
 ### CLI — local agents (Claude Code, Cursor, Codex, OpenClaw, Hermes, OpenCode)