diff --git a/Cargo.toml b/Cargo.toml
index f617e9a7db..2590bfb043 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,6 +17,7 @@ include = [
   "/README.md",
   "/build.rs",
   "/completions/*",
+  "/minisign.pub",
   "/registry.toml",
   "/settings.toml",
   "/zipsign.pub",
diff --git a/minisign.pub b/minisign.pub
new file mode 100644
index 0000000000..be8dcdf2ca
--- /dev/null
+++ b/minisign.pub
@@ -0,0 +1,2 @@
+untrusted comment: minisign public key E97C65762BC3EF8B
+RWSL78MrdmV86brusnKIy6M7tCyiwUecPBqZ1w7U2vFPH40DuA2lKA1x
diff --git a/scripts/publish-s3.sh b/scripts/publish-s3.sh
index 01edb775fa..8dff69b75c 100755
--- a/scripts/publish-s3.sh
+++ b/scripts/publish-s3.sh
@@ -12,6 +12,7 @@ aws s3 cp "$RELEASE_DIR" "s3://$AWS_S3_BUCKET/" --cache-control "$cache_day" --n
 aws s3 cp "$RELEASE_DIR/VERSION" "s3://$AWS_S3_BUCKET/" --cache-control "$cache_day" --no-progress --content-type "text/plain"
 aws s3 cp "$RELEASE_DIR/install.sh" "s3://$AWS_S3_BUCKET/" --cache-control "$cache_day" --no-progress --content-type "text/plain"
 aws s3 cp "$RELEASE_DIR/install.sh.sig" "s3://$AWS_S3_BUCKET/" --cache-control "$cache_day" --no-progress
+aws s3 cp "$RELEASE_DIR/install.sh.minisig" "s3://$AWS_S3_BUCKET/" --cache-control "$cache_day" --no-progress
 aws s3 cp "./schema/mise.json" "s3://$AWS_S3_BUCKET/schema/mise.json" --cache-control "$cache_day" --no-progress --content-type "application/json"
 aws s3 cp "./schema/mise.plugin.json" "s3://$AWS_S3_BUCKET/schema/mise.plugin.json" --cache-control "$cache_day" --no-progress --content-type "application/json"
 aws s3 cp "./schema/mise-task.json" "s3://$AWS_S3_BUCKET/schema/mise-task.json" --cache-control "$cache_day" --no-progress --content-type "application/json"
@@ -32,12 +33,6 @@ curl --fail-with-body -X POST "https://api.cloudflare.com/client/v4/zones/90dfd7
   -H "Content-Type: application/json" \
   --data '{ "purge_everything": true }'
 
-# rtx.pub
-curl --fail-with-body -X POST "https://api.cloudflare.com/client/v4/zones/80d977fd09f01db52bec165778088891/purge_cache" \
-  -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-  -H "Content-Type: application/json" \
-  --data '{ "purge_everything": true }'
-
 # mise.run
 curl --fail-with-body -X POST "https://api.cloudflare.com/client/v4/zones/782fc08181b7bbd26c529a00df52a277/purge_cache" \
   -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
diff --git a/scripts/release.sh b/scripts/release.sh
index 683719a657..53f4ead696 100755
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -55,6 +55,7 @@ sha256sum ./mise-latest-* >SHASUMS256.txt
 sha512sum ./mise-latest-* >SHASUMS512.txt
 gpg --clearsign -u 8B81C9D17413A06D <SHASUMS256.txt >SHASUMS256.asc
 gpg --clearsign -u 8B81C9D17413A06D <SHASUMS512.txt >SHASUMS512.asc
+minisig -Sm SHASUMS256.txt SHA256SUMS512.txt
 popd
 
 pushd "$RELEASE_DIR/$MISE_VERSION"
@@ -62,6 +63,7 @@ sha256sum ./* >SHASUMS256.txt
 sha512sum ./* >SHASUMS512.txt
 gpg --clearsign -u 8B81C9D17413A06D <SHASUMS256.txt >SHASUMS256.asc
 gpg --clearsign -u 8B81C9D17413A06D <SHASUMS512.txt >SHASUMS512.asc
+minisig -Sm SHASUMS256.txt SHA256SUMS512.txt
 popd
 
 echo "::group::install.sh"
@@ -69,6 +71,7 @@ echo "::group::install.sh"
 chmod +x "$RELEASE_DIR"/install.sh
 shellcheck "$RELEASE_DIR"/install.sh
 gpg -u 8B81C9D17413A06D --output "$RELEASE_DIR"/install.sh.sig --sign "$RELEASE_DIR"/install.sh
+minisig -Sm "$RELEASE_DIR"/install.sh
 
 if [[ "$DRY_RUN" != 1 ]]; then
   echo "::group::Publish npm @jdxcode/mise"