diff --git a/.woodpecker/release.yaml b/.woodpecker/release.yaml
index 4bd1d16..89e52a9 100644
--- a/.woodpecker/release.yaml
+++ b/.woodpecker/release.yaml
@@ -44,26 +44,28 @@ steps:
     when:
       event: tag
 
-  setup-cosign-key:
-    image: alpine
+  sign-next:
+    image: *container_tools_image
     environment:
+      COSIGN_PASSWORD: "" # testing, so empty password is OK
       COSIGN_KEY:
         from_secret: cosign_key
     commands:
       - echo $COSIGN_KEY > ./cosign.key
-
-  sign-next:
-    image: *container_tools_image
-    commands:
       - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:next
     when:
       event: push
       branch: main
 
-  sign-tag:
-    image: *container_tools_image
-    commands:
-      - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:latest
-      - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:${CI_COMMIT_TAG}
-    when:
-      event: tag
+  # sign-tag:
+  #   image: *container_tools_image
+  #   environment:
+  #     COSIGN_PASSWORD: "" # testing, so empty password is OK
+  #     COSIGN_KEY:
+  #       from_secret: cosign_key
+  #   commands:
+  #     - echo $COSIGN_KEY > ./cosign.key
+  #     - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:latest
+  #     - cosign sign --key ./cosign.key --recursive registry.mareshq.com/woodpecker-plugins/cosign-sign:$${CI_COMMIT_TAG}
+  #   when:
+  #     event: tag