diff --git a/.github/workflows/ReleaseActions.yml b/.github/workflows/ReleaseActions.yml
index ed3691cd8..969620314 100644
--- a/.github/workflows/ReleaseActions.yml
+++ b/.github/workflows/ReleaseActions.yml
@@ -8,10 +8,16 @@ env:
   NODE_VERSION: 18
   PYTHON_VERSION: "3.x"
 
+permissions: {}
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
     name: Deploy to PyPi
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     steps:
       - uses: actions/checkout@v4.1.6
         with:
@@ -78,6 +84,11 @@ jobs:
           python setup.py sdist bdist_wheel
           twine upload dist/*
 
+      - name: Attest
+        uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d #v1.1.2
+        with:
+          subject-path: dist/*
+
       - name: Discord notification
         env:
           DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}