diff --git a/.github/create-cli-pr.sh b/.github/create-cli-pr.sh
index e21766da8..3ddb9ac0a 100755
--- a/.github/create-cli-pr.sh
+++ b/.github/create-cli-pr.sh
@@ -18,19 +18,25 @@
 set -ex
 
 CLI_DIR=$(mktemp -d)
-git clone --depth 1 https://github.com/snyk/cli $CLI_DIR
+gh repo clone git@github.com:snyk/cli.git $CLI_DIR -- --depth=1
 pushd $CLI_DIR
   UPGRADE=$(go run scripts/upgrade-snyk-go-dependencies.go --name=snyk-ls)
   LS_VERSION=$(echo $UPGRADE | sed 's/.*Sha: \(.*\) URL.*/\1/')
   BRANCH=feat/automatic-upgrade-of-ls-to-$LS_VERSION
+  BASE=$(git log --pretty=tformat:"%h" -n1 .)
   git checkout -b $BRANCH
 
-  git config --global user.email "team-ide-user@snyk.io"
-  git config --global user.name "Snyk Team IDE User"
+  git config --global user.email "team-ide@snyk.io"
+  git config --global user.name "Snyk Team IDE"
+  git config --global gpg.format ssh
+  git config --global commit.gpgsign true
+
+  echo $PUB_SIGNING_KEY > signingkey.pub
+  git config --global user.signingkey ./signingkey.pub
 
   git commit -am "feat: automatic integration of language server $LS_VERSION"
   git push --set-upstream origin $BRANCH
 
   COMMIT_HASH=$(git log --pretty=tformat:"%h" -n1 .)
-  gh pr create --repo github.com/snyk/cli --base main --fill-verbose --head $COMMIT_HASH --title "feat(language-server): integrate LS (automatic PR) ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')"
+  gh pr create --repo github.com/snyk/cli --base main --head $BRANCH --title "feat(language-server): integrate LS ($LS_VERSION)" --body "$(echo $UPGRADE | sed 's/.*Message: \(.*\) URL.*$/\1/')"
 popd
diff --git a/.github/workflows/create-cli-pr.yaml b/.github/workflows/create-cli-pr.yaml
index 52c1bed4a..db620ba57 100644
--- a/.github/workflows/create-cli-pr.yaml
+++ b/.github/workflows/create-cli-pr.yaml
@@ -21,8 +21,14 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
+      - uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.TEAM_IDE_USER_SSH }}
+
       - name: Create PR in CLI to integrate LS
         env:
-          GH_TOKEN: ${{ HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          PUB_SIGNING_KEY: ${{ secrets.TEAM_IDE_USER_SSH_PUB }}
         run: |
           .github/create-cli-pr.sh
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 001c307a9..7c17b8faa 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -153,8 +153,14 @@ jobs:
         run: |
           .github/upload-to-s3.sh
 
+      - uses: webfactory/ssh-agent@v0.9.0
+        with:
+          ssh-private-key: ${{ secrets.TEAM_IDE_USER_SSH }}
+
       - name: Create PR in CLI to integrate LS
         env:
-          GH_TOKEN: ${{ HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GH_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          GITHUB_TOKEN: ${{ secrets.HAMMERHEAD_GITHUB_PAT_SNYKLS }}
+          PUB_SIGNING_KEY: ${{ secrets.TEAM_IDE_USER_SSH_PUB }}
         run: |
           .github/create-cli-pr.sh