diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6b6c27fe..7cd15570 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,4 +34,9 @@ jobs:
           # GitHub sets the GITHUB_TOKEN secret automatically.
           GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
-          TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}
\ No newline at end of file
+          TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}
+          MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
+          MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
+          MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
+          MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
+          MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 57e85bb0..9981c7f9 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -53,6 +53,19 @@ archives:
       - goos: windows
         formats: [zip]
 
+notarize:
+  macos:
+    - enabled: '{{ isEnvSet "MACOS_SIGN_P12" }}'
+      ids:
+        - ovh-cli
+      sign:
+        certificate: "{{ .Env.MACOS_SIGN_P12 }}"
+        password: "{{ .Env.MACOS_SIGN_PASSWORD }}"
+      notarize:
+        issuer_id: "{{ .Env.MACOS_NOTARY_ISSUER_ID }}"
+        key_id: "{{ .Env.MACOS_NOTARY_KEY_ID }}"
+        key: "{{ .Env.MACOS_NOTARY_KEY }}"
+
 changelog:
   sort: asc
   filters:
@@ -79,4 +92,4 @@ homebrew_casks:
     directory: Casks
     caveats: "See https://github.com/ovh/ovhcloud-cli for usage."
     homepage: "https://github.com/ovh/ovhcloud-cli"
-    description: "OVHcloud CLI - Command line interface for OVHcloud."
\ No newline at end of file
+    description: "OVHcloud CLI - Command line interface for OVHcloud."