diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7c31ad0b..6c23c6f8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,6 +40,11 @@ jobs:
       - name: Build app
         shell: bash
         run: ./scripts/make-distributions.sh
+        env:
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+
       - name: Sign files with Trusted Signing
         if: matrix.os == 'windows-latest'
         uses: azure/trusted-signing-action@v0.3.19
@@ -56,17 +61,6 @@ jobs:
           file-digest: SHA256
           timestamp-rfc3161: http://timestamp.acs.microsoft.com
           timestamp-digest: SHA256
-      - name: Release App to Mac App Store
-        uses: GuillaumeFalourd/notary-tools@v1
-        # if: steps.tag_release.outputs.successful
-        if: matrix.os == 'macos-latest'
-        with:
-          product_path: out/make/**/*.dmg
-          apple_id: ${{ secrets.APPLE_ID }}
-          password: ${{ secrets.APPLE_ID_PASSWORD }}
-          team_id: ${{ secrets.APPLE_TEAM_ID }}
-          xcode_path: /Applications/Xcode_15.4.app
-
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
diff --git a/forge.config.ts b/forge.config.ts
index 981cdac4..d6178d0d 100644
--- a/forge.config.ts
+++ b/forge.config.ts
@@ -13,6 +13,11 @@ const config: ForgeConfig = {
     asar: true,
     icon: iconPath,
     executableName: 'DocKit',
+    osxNotarize: {
+      appleId: process.env.APPLE_ID,
+      appleIdPassword: process.env.APPLE_ID_PASSWORD,
+      teamId: process.env.APPLE_TEAM_ID,
+    },
   },
   rebuildConfig: {},
   makers: [