diff --git a/.drone.yml b/.drone.yml
index 1269e5f..058b6e0 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -89,7 +89,7 @@ kind: pipeline
 type: kubernetes
 name: build:tags
 steps:
- - name: build $DRONE_TAG
+ - name: build_tag
 image: plugins/docker
 user: 0
 depends_on: [clone]
@@ -103,14 +103,23 @@ steps:
 - "${DRONE_TAG}"
 registry: registry.odit.services
 mtu: 1000
- - name: gitea_release
- image: plugins/gitea-release
- settings:
- title: Release ${DRONE_TAG}
- note: "Pull: `docker pull registry.odit.services/library/nginx-brotli:${DRONE_TAG}`"
- api_key:
- from_secret: gitea_token
- base_url: https://git.odit.services
+ - name: sign_image
+ depends_on: [build_tag]
+ image: registry.odit.services/hub/library/alpine:edge
+ commands:
+ - apk add cosign docker
+ - echo $COSIGN_KEY > cosign.key
+ - echo $DOCKER_PASSWORD | docker login registry.odit.services -u $DOCKER_USERNAME --password-stdin
+ - cosign sign --key cosign.key registry.odit.services/library/nginx-brotli:${DRONE_TAG}
+ environment:
+ COSIGN_KEY:
+ from_secret: cosign_key
+ COSIGN_PASSWORD:
+ from_secret: cosign_password
+ DOCKER_PASSWORD:
+ from_secret: docker_password
+ DOCKER_USERNAME:
+ from_secret: docker_username
 trigger:
 event:
 - tag
@@ -185,4 +194,4 @@ steps:
 mtu: 1000
 trigger:
 event:
- - pull_request
\ No newline at end of file
+ - pull_request
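Review bot: In the new `sign_image` step, `echo $COSIGN_KEY > cosign.key` expands the secret unquoted, so a multi-line PEM key would be flattened by word splitting, and the private key is left as a file in the step's working directory, where later steps may be able to read it if the workspace is shared. cosign can read the key directly from the environment, so the `echo` line can be dropped and the sign command written as `cosign sign --key env://COSIGN_KEY registry.odit.services/library/nginx-brotli:${DRONE_TAG}`. The step also signs by mutable tag rather than by the digest the build step pushed, so the signature covers whatever the tag resolves to at signing time; signing `...nginx-brotli@sha256:<digest-from-build>` would bind it to the image that was actually built. Finally, this step holds the signing key and the registry credentials while running `alpine:edge` with an unpinned `apk add cosign docker`; pinning the image and the package versions would narrow what code runs with those secrets.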