diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index afdcef9..579151a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,6 +23,12 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        run: |
+          echo "${{ secrets.RELEASE_KEYSTORE }}" > keystore.asc
+          echo "${{ secrets.RELEASE_KEY}}" > key.acs
+          gpg -d --passphrase "${{ secrets.RELEASE_KEYSTORE_PASSWORD }}" --batch keystore.asc > app/keystore.properties
+          gpg -d --passphrase "${{ secrets.RELEASE_KEYSTORE_PASSWORD }}" --batch key.asc > app/key.jks
+
       - uses: gradle/wrapper-validation-action@v2
 
       - name: create and checkout branch
@@ -41,14 +47,14 @@ jobs:
       - name: Build APK
         run: ./gradlew assemble
 
-      - name: Upload APK
-        uses: actions/upload-artifact@v4
-        with:
-          name: app.apk
-          path: app/build/outputs/apk/release/app-release-unsigned.apk
+      # - name: Upload APK
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: app.apk
+      #     path: app/build/outputs/apk/release/app-release.apk
 
       - name: Release
         uses: softprops/action-gh-release@v2
         with:
           files: |
-            app/build/outputs/apk/release/app-release-unsigned.apk
\ No newline at end of file
+            app/build/outputs/apk/release/app-release.apk
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index f0b8517..c275b2b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,5 @@ captures/
 .externalNativeBuild
 .cxx
 local.properties
+keystore.properties
+key.jks
diff --git a/app/build.gradle b/app/build.gradle
index f475d2f..4640aa5 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -5,19 +5,34 @@ plugins {
 }
 
 
+def keystorePropertiesFile = rootProject.file("app/keystore.properties")
+def keystoreProperties = new Properties()
+keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
+
+
 android {
     namespace 'net.helcel.fidelity'
     compileSdk 34
 
     defaultConfig {
         applicationId 'net.helcel.fidelity'
-        resValue "string", "app_name", "Keepass Fideity"
+        resValue "string", "app_name", "Keepass Fidelity"
         minSdk 28
         targetSdk 34
         versionCode 1
         versionName "1.0"
     }
 
+
+    signingConfigs {
+        create("release") {
+            keyAlias keystoreProperties['keyAlias']
+            keyPassword keystoreProperties['keyPassword']
+            storeFile file(keystoreProperties['storeFile'])
+            storePassword keystoreProperties['storePassword']
+        }
+    }
+
     buildTypes {
         debug {
             debuggable true
@@ -26,6 +41,7 @@ android {
             minifyEnabled true
             shrinkResources false
             proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+            signingConfig = signingConfigs.getByName("release")
         }
     }
 
diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro
new file mode 100644
index 0000000..add4e4c
--- /dev/null
+++ b/app/proguard-rules.pro
@@ -0,0 +1,13 @@
+# Gson uses generic type information stored in a class file when working with
+# fields. Proguard removes such information by default, keep it.
+-keepattributes Signature
+
+# This is also needed for R8 in compat mode since multiple
+# optimizations will remove the generic signature such as class
+# merging and argument removal. See:
+# https://r8.googlesource.com/r8/+/refs/heads/main/compatibility-faq.md#troubleshooting-gson-gson
+-keep class com.google.gson.reflect.TypeToken { *; }
+-keep class * extends com.google.gson.reflect.TypeToken
+
+# Optional. For using GSON @Expose annotation
+-keepattributes AnnotationDefault,RuntimeVisibleAnnotations
\ No newline at end of file