diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 17c0628d7..d94b92103 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,6 +32,12 @@ jobs:
         uses: gradle/gradle-build-action@v2
         with:
           arguments: publish
+        env:
+          SONATYPE_USERNAME: ${{ secrets.OSS_SONATYPE_USERNAME }}
+          SONATYPE_PASSWORD: ${{ secrets.OSS_SONATYPE_PASSWORD }}
+          ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.SIGNING_KEY_ID }}
+          ORG_GRADLE_PROJECT_signingKey: ${{ secrets.SIGNING_PRIVATE_KEY }}
+          ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.SIGNING_PASSWORD }}
 
       - name: ZIP files
         id: zip-files
diff --git a/buildSrc/src/main/groovy/bigbone.library-conventions.gradle b/buildSrc/src/main/groovy/bigbone.library-conventions.gradle
index 20476fd08..9022d78b0 100644
--- a/buildSrc/src/main/groovy/bigbone.library-conventions.gradle
+++ b/buildSrc/src/main/groovy/bigbone.library-conventions.gradle
@@ -19,8 +19,8 @@ publishing {
             def snapshotsRepoUrl = "https://s01.oss.sonatype.org/content/repositories/snapshots/"
             url = version.endsWith('SNAPSHOT') ? snapshotsRepoUrl : releasesRepoUrl
             credentials {
-                username = project.properties.containsKey("sonatypeUsername") ? sonatypeUsername : ""
-                password = project.properties.containsKey("sonatypePassword") ? sonatypePassword : ""
+                username = System.getenv("SONATYPE_USERNAME") ?: ""
+                password = System.getenv("SONATYPE_PASSWORD") ?: ""
             }
         }
 
@@ -56,6 +56,10 @@ publishing {
 }
 
 signing {
+    def signingKeyId = findProperty("signingKeyId")
+    def signingKey = findProperty("signingKey")
+    def signingPassword = findProperty("signingPassword")
+    useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)
     sign publishing.publications.bigbone
 }