diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ba4ba3d3..8ce52117 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,13 +42,11 @@ jobs:
       - uses: codecov/codecov-action@v4
 
       - name: publishToMavenLocal
-        if: github.repository_owner == 'JuulLabs'
         uses: gradle/gradle-build-action@v3
         with:
           arguments: |
             -PVERSION_NAME=unspecified
-            -PsigningInMemoryKey=${{ secrets.SIGNING_KEY }}
-            -PsigningInMemoryKeyPassword=${{ secrets.SIGNING_PASSWORD }}
+            -PRELEASE_SIGNING_ENABLED=false
             publishToMavenLocal
 
       - name: Website
diff --git a/.github/workflows/signing.yml b/.github/workflows/signing.yml
new file mode 100644
index 00000000..91f88942
--- /dev/null
+++ b/.github/workflows/signing.yml
@@ -0,0 +1,25 @@
+name: Validate Maven Signing
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  signing:
+    if: github.repository_owner == 'JuulLabs'
+    runs-on: macos-13
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gradle/wrapper-validation-action@v2
+      - uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: publishToMavenLocal
+        uses: gradle/gradle-build-action@v3
+        with:
+          arguments: |
+            -PsigningInMemoryKey=${{ secrets.SIGNING_KEY }}
+            -PsigningInMemoryKeyPassword=${{ secrets.SIGNING_PASSWORD }}
+            publishToMavenLocal