diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 9b0a8f2..f000cfb 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -33,3 +33,14 @@ jobs:
                   IMAGE_TAG: "docker.io/botsudo/action-doctum:latest"
                   PLATFORM: "linux/amd64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6"
                   ACTION: push
+
+            - name: Sign and push the manifest
+              uses: sudo-bot/action-docker-sign@latest
+              with:
+                  image-ref: "docker.io/botsudo/action-doctum:latest"
+                  # Please use the repository key for the manifest or pull will not work
+                  private-key-id: "${{ secrets.DOCKER_PRIVATE_KEY_ID }}"
+                  private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
+                  private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
+                  sign-manifest: true
+                  notary-auth: "${{ secrets.DOCKER_REPOSITORY_LOGIN }}:${{ secrets.DOCKER_REPOSITORY_PASSWORD }}"