diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7604459..44733cd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,7 +8,7 @@ on:
 permissions: read-all
 
 jobs:
-  release:
+  build:
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -24,6 +24,7 @@ jobs:
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # actions/checkout@v4 | 1567,v4.1.2
       - name: Get release version
         id: releaseVersion
+        shell: bash
         run: echo "releaseVersion=\"$(awk -F\' '/const releaseVersion/ { print $2 }' src/version.js)\"" >> "$GITHUB_ENV"
       - name: Check if releaseVersion is same as tag
         run: |
@@ -32,6 +33,7 @@ jobs:
             exit 1
           fi
       - name: Fetch MITM-Proxy
+        shell: bash
         run: |
           mkdir -p mitmproxy
           wget https://github.com/koalalab-inc/go-libaudit/releases/download/v2.5.0/auparse-2.5.0-linux-amd64 --quiet
@@ -49,6 +51,7 @@ jobs:
         with:
           cosign-release: 'v2.2.4' # optional
       - name: Sign Release
+        shell: bash
         run: |
           cosign sign-blob \
             --yes \
@@ -56,7 +59,93 @@ jobs:
             --output-signature bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.sig \
             --output-certificate bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.cert \
             bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz
-        
+
+      - name: Generate hashes
+        shell: bash
+        id: hash
+        run: |
+          # sha256sum generates sha256 hash for all artifacts.
+          # base64 -w0 encodes to base64 and outputs on a single line.
+          # sha256sum artifact1 artifact2 ... | base64 -w0
+          echo "hashes=$(sha256sum bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz \
+            bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.bundle \
+            bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.sig \
+            bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.cert | base64 -w0)" >> "$GITHUB_OUTPUT"
+
+      - name: Upload tarball
+        uses: actions/upload-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz
+          path: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz
+          if-no-files-found: error
+          retention-days: 5
+
+      - name: Upload signature
+        uses: actions/upload-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.sig
+          path: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.sig
+          if-no-files-found: error
+          retention-days: 5
+      
+      - name: Upload certificate
+        uses: actions/upload-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.cert
+          path: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.cert
+          if-no-files-found: error
+          retention-days: 5
+
+      - name: Upload verification bundle
+        uses: actions/upload-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.bundle
+          path: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.bundle
+          if-no-files-found: error
+          retention-days: 5
+
+  provenance:
+    needs: [build]
+    permissions:
+      actions: read
+      id-token: write
+      contents: write
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+    with:
+      base64-subjects: "${{ needs.build.outputs.hashes }}"
+      # Upload provenance to a new release
+      upload-assets: true
+
+  release:
+    needs: [build, provenance]    
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    env:
+      tag: ${{ github.ref_name }}
+      os: linux
+      arch: x86_64
+    steps:
+      - name: Download tarball
+        uses: actions/download-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz
+
+      - name: Download signature
+        uses: actions/download-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.sig
+
+      - name: Download certificate
+        uses: actions/download-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.cert
+
+      - name: Download bundle
+        uses: actions/download-artifact@v4
+        with:
+          name: bolt-${{ env.tag }}-${{ env.os }}-${{ env.arch }}.tar.gz.bundle
+  
       - name: Release
         uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # softprops/action-gh-release@v2
         with:
diff --git a/dist/index.js b/dist/index.js
index 0adb2ed..e7101e0 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -123353,7 +123353,7 @@ module.exports = {
 /***/ 49554:
 /***/ ((module) => {
 
-const releaseVersion = 'v1.6.0-rc'
+const releaseVersion = 'v1.6.1-rc'
 
 module.exports = {
   releaseVersion
diff --git a/src/version.js b/src/version.js
index 4e269de..4b5508f 100644
--- a/src/version.js
+++ b/src/version.js
@@ -1,4 +1,4 @@
-const releaseVersion = 'v1.6.0-rc'
+const releaseVersion = 'v1.6.1-rc'
 
 module.exports = {
   releaseVersion