diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fc5293ebd..ba6314b5b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,9 +18,10 @@ jobs: platform: 'linux' runs-on: ${{ matrix.os }} env: - npm_config_disturl: https://atom.io/download/electron npm_config_target: 9.3.1 npm_config_runtime: "electron" + APPLEID: ${{ secrets.APPLEID }} + APPLEIDPASS: ${{ secrets.APPLEIDPASS }} steps: - name: Checkout diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist new file mode 100644 index 000000000..d6b93bc0b --- /dev/null +++ b/build/entitlements.mac.plist @@ -0,0 +1,8 @@ + + + + + com.apple.security.cs.allow-unsigned-executable-memory + + + diff --git a/build/notarize.js b/build/notarize.js new file mode 100644 index 000000000..1c637b2b5 --- /dev/null +++ b/build/notarize.js @@ -0,0 +1,18 @@ +require('dotenv').config(); +const { notarize } = require('electron-notarize'); + +exports.default = async function notarizing(context) { + const { electronPlatformName, appOutDir } = context; + const appName = context.packager.appInfo.productFilename; + + if (electronPlatformName !== 'darwin') { + return; + } + + return await notarize({ + appBundleId: 'yank.note', + appPath: `${appOutDir}/${appName}.app`, + appleId: process.env.APPLEID, + appleIdPassword: process.env.APPLEIDPASS, + }); +}; diff --git a/electron-builder.json b/electron-builder.json index ea75300c7..076240b32 100644 --- a/electron-builder.json +++ b/electron-builder.json @@ -33,10 +33,16 @@ ] }, "mac": { + "gatekeeperAssess": false, + "hardenedRuntime": true, + "identity": "yank.note", + "entitlements": "build/entitlements.mac.plist", + "entitlementsInherit": "build/entitlements.mac.plist", "target": [ "dmg" ] }, + "afterSign": "scripts/notarize.js", "nsis": { "perMachine": false }, diff --git a/package.json b/package.json index dca35c66b..a9961567b 100644 --- a/package.json +++ b/package.json 
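Review bot: In .github/workflows/release.yml, `APPLEID` and `APPLEIDPASS` are added to what appears to be the job-level `env:` block, so every step on every matrix OS receives the Apple ID credentials. That includes the Linux leg visible in the context lines, and it would also cover dependency install scripts and any third-party actions the job runs. Only the macOS packaging step needs them. Move the two lines into that step's own `env:` and restrict the step to the macOS matrix entry with an `if:` condition. The steps themselves lie outside this hunk, so the exact step to attach them to has to be confirmed against the full workflow.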
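Review bot: build/entitlements.mac.plist grants `com.apple.security.cs.allow-unsigned-executable-memory` without any comment explaining why it is needed. electron-builder.json in this same commit also uses the file as `entitlementsInherit`, so every helper executable in the bundle gets the same relaxation of the hardened runtime. It is presumably required by the Electron 9.3.1 runtime, but that should be recorded next to the key so it is revisited on upgrade. I would add a comment such as `<!-- needed by Electron 9 under hardenedRuntime; re-check on upgrade and prefer the narrower com.apple.security.cs.allow-jit if it suffices -->`.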
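Review bot: In build/notarize.js, `process.env.APPLEID` and `process.env.APPLEIDPASS` are passed straight to `notarize()` with no check that they are set. A macOS build without the secrets, such as a fork or a local run with no `.env`, then fails inside the notarization tool with an unrelated-looking error. Add a guard after the platform check, for example `if (!process.env.APPLEID || !process.env.APPLEIDPASS) throw new Error('APPLEID/APPLEIDPASS not set; cannot notarize');`. Throwing rather than returning keeps a release from shipping un-notarized. The script also requires `dotenv`, which the package.json hunk in this commit does not add. Confirm it is already a declared dependency, and that any local `.env` holding the Apple ID password is git-ignored.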
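Review bot: In electron-builder.json, `"afterSign": "scripts/notarize.js"` points at a path this commit does not create, because the hook is added as build/notarize.js. Unless a scripts/notarize.js already exists elsewhere, the hook will either fail to load or run a different file than the one under review. The line should read `"afterSign": "build/notarize.js",`. Separately, `"gatekeeperAssess": false` skips the local Gatekeeper check after signing, so the notarization step becomes the only verification of the signed bundle. It is worth confirming that a notarization failure actually fails the release job.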
@@ -44,6 +44,7 @@ "@types/yargs": "^15.0.4", "electron": "^9.3.1", "electron-builder": "^22.7.0", + "electron-notarize": "^1.0.0", "ts-node": "^8.3.0", "typescript": "^3.9.5" } diff --git a/yarn.lock b/yarn.lock index cffbee66c..04befa83f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -982,6 +982,14 @@ electron-log@^4.2.2: resolved "https://registry.yarnpkg.com/electron-log/-/electron-log-4.2.2.tgz#b358dc6d1e4772465609ee3d8ad9f594d9e742c8" integrity sha512-lBpLh1Q8qayrTxFIrTPcNjSHsosvUfOYyZ8glhiLcx7zCNPDGuj8+nXlEaaSS6LRiQQbLgLG+wKpuvztNzBIrA== +electron-notarize@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/electron-notarize/-/electron-notarize-1.0.0.tgz#bc925b1ccc3f79e58e029e8c4706572b01a9fd8f" + integrity sha512-dsib1IAquMn0onCrNMJ6gtEIZn/azG8hZMCYOuZIMVMUeRMgBYHK1s5TK9P8xAcrAjh/2aN5WYHzgVSWX314og== + dependencies: + debug "^4.1.1" + fs-extra "^9.0.1" + electron-progressbar@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/electron-progressbar/-/electron-progressbar-1.2.0.tgz#3628ee759da5c4b6ae08887843b54d7364477310" @@ -1255,6 +1263,16 @@ fs-extra@^9.0.0: jsonfile "^6.0.1" universalify "^1.0.0" +fs-extra@^9.0.1: + version "9.1.0" + resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-9.1.0.tgz#5954460c764a8da2094ba3554bf839e6b9a7c86d" + integrity sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ== + dependencies: + at-least-node "^1.0.0" + graceful-fs "^4.2.0" + jsonfile "^6.0.1" + universalify "^2.0.0" + get-caller-file@^2.0.1: version "2.0.5" resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e" 
@@ -2727,6 +2745,11 @@ universalify@^1.0.0: resolved "https://registry.yarnpkg.com/universalify/-/universalify-1.0.0.tgz#b61a1da173e8435b2fe3c67d29b9adf8594bd16d" integrity sha512-rb6X1W158d7pRQBg5gkR8uPaSfiids68LTJQYOtEUhoJUWBdaQHsuT/EUduxXYxcrt4r5PJ4fuHW1MHT6p0qug== +universalify@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.0.tgz#75a4984efedc4b08975c5aeb73f530d02df25717" + integrity sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ== + unpipe@1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec"