diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 0fc8058..77f05ca 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -15,4 +15,10 @@ jobs:
   docker:
     uses: FyraLabs/actions/.github/workflows/docker.yml@main
     with:
-      publish: ${{ github.event_name != 'pull_request' }}
\ No newline at end of file
+      publish: ${{ github.event_name != 'pull_request' }}
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write