diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0b97b2d07f..1739005243 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -13,8 +13,19 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
+
+      - name: Install tejolote
+        uses: kubernetes-sigs/release-actions/setup-tejolote@dd08496c83441d6477114cc0555b96d404dacff7 # v0.1.2
+
+      - name: Run tejolote 
+        env:
+          TAG: ${{ github.ref_name }}
+        run: |
+          tejolote attest --artifacts "github://kubernetes-sigs/karpenter/${TAG}" "github://kubernetes-sigs/karpenter/${{ github.run_id }}" --output karpenter.intoto.json --sign
+
       - name: Create Github Release
         uses: marvinpinto/action-automatic-releases@919008cf3f741b179569b7a6fb4d8860689ab7f0 # v1.2.1
         with:
+          files: karpenter.intoto.json
           repo_token: "${{ secrets.GITHUB_TOKEN }}"
           prerelease: false