diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 45a8859e..e644ce72 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -47,6 +47,28 @@ jobs:
         run: |
           echo "AGENT_VERSION=$(cd agent/build/libs && unzip -p solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }' | sed 's/[^a-z0-9.-]//g')" >> $GITHUB_ENV
 
+      - name: Sign and download signed jar
+        run: |
+          response=$(curl -fs \
+            -H "Authorization: Bearer $SIGN_PATH_API_TOKEN" \
+            -F "ProjectSlug=$SIGN_PATH_PROJECT_SLUG" \
+            -F "SigningPolicySlug=$SIGN_PATH_SIGNING_POLICY" \
+            -F "Artifact=@agent/build/libs/solarwinds-apm-agent.jar" \
+            https://app.signpath.io/API/v1/$SIGN_PATH_ORG_ID/SigningRequests)
+          echo "res -> $response"
+          SIGNING_REQUEST_ID==$(echo "$response" | jq -r '.signingRequestId')
+          echo "request-id -> $SIGNING_REQUEST_ID"
+          
+          curl -fs \
+            -o agent/build/libs/solarwinds-apm-agent.jar \
+            -H "Authorization: Bearer $SIGN_PATH_API_TOKEN" \
+            https://app.signpath.io/API/v1/$SIGN_PATH_ORG_ID/SigningRequests/$SIGNING_REQUEST_ID/SignedArtifact
+        env:
+          SIGN_PATH_API_TOKEN: ${{ secrets.SIGN_PATH_API_TOKEN }}
+          SIGN_PATH_PROJECT_SLUG: ${{ secrets.SIGN_PATH_PROJECT_SLUG }}
+          SIGN_PATH_SIGNING_POLICY: ${{ secrets.SIGN_PATH_SIGNING_POLICY }}
+          SIGN_PATH_ORG_ID: ${{ secrets.SIGN_PATH_ORG_ID }}
+
       - name: Copy to S3
         run: |
           ls -al