diff --git a/.goreleaser.yml b/.goreleaser.yml
index 8dbbac29..1bef6ce5 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -156,6 +156,35 @@ release:
   # Default is `{{.Tag}}`
   #name_template: "{{.ProjectName}}-v{{.Version}} {{.Env.USER}}"
 
+  # Header template for the release body.
+  # Defaults to empty.
+  header: |
+    Welcome to this new release!
+
+    ## Signatures and Checksums
+
+    `step-ca` uses [sigstore/cosign](https://github.com/sigstore/cosign) for signing and verifying release artifacts.
+    Here is an example of how to use `cosign` to verify a release artifact:
+
+    ```
+    cosign verify-blob \
+      -key https://raw.githubusercontent.com/smallstep/cli/master/cosign.pub \
+      -signature ~/Downloads/step-ca_darwin_0.17.2_amd64.tar.gz.sig
+      ~/Downloads/step-ca_darwin_0.17.2_amd64.tar.gz
+    ```
+
+    We use the `checksums.txt` file to store checksums for every artifact in the release.
+
+  # Footer template for the release body.
+  # Defaults to empty.
+  footer: |
+    ## Thanks!
+
+    Those were the changes on {{ .Tag }}!
+
+    Come join us on [Discord](https://discord.gg/X2RKGwEbV9) to ask questions, chat about PKI,
+    or get a sneak peak at the freshest PKI memes.
+
   # You can disable this pipe in order to not upload any artifacts.
   # Defaults to false.
   #disable: true