diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 38388fa..e883c8b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -18,6 +18,8 @@ jobs:
     permissions:
       contents: read
       packages: write
+      id-token: write
+      attestations: write
     outputs:
       digest: ${{ steps.docker.outputs.digest }}
     steps:
@@ -33,4 +35,11 @@ jobs:
           no-cache: true
           push: true
           cache-from: ''
-          cache-to: ''
\ No newline at end of file
+          cache-to: ''
+
+      - name: Generate docker image attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ghcr.io/govlt/national-boundaries-api
+          subject-digest: ${{ steps.docker.outputs.digest }}
+          push-to-registry: true
\ No newline at end of file