diff --git a/.github/cosign.key b/.github/cosign.key
deleted file mode 100644
index c8a5a1be..00000000
--- a/.github/cosign.key
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN ENCRYPTED COSIGN PRIVATE KEY-----
-eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6
-OCwicCI6MX0sInNhbHQiOiJIYm5Zeno2c1orRytYdlFTUWorTU5PZEhnTmZTQnpR
-NTd4MkRIQWI5emU4PSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94
-Iiwibm9uY2UiOiIyS1pvUHF1bG9NcDUvcFBsOWg5cDR5VXBsL2M5eFI1OCJ9LCJj
-aXBoZXJ0ZXh0IjoiT1NqZUMvS2dtWUkzQ2ErVlVmQlh1Wm9hU0FkYWxFT0wwWk9G
-UEMrNFFWYWhtMUtNeHM2YUUwNWpvT3hveEF1eDRxaGk2amJmenp0MG5SelhJUUZt
-QjRSblBDTUQ4NmduQ2owR243dE4vc3V0TmpZbVI0c3NORzZpNXVYdTBuWmdseHk3
-K1k5SXU0cW0wOWordXRyNURwODM3RmF2Z0w3ZUhJeU1LQjlZWVd0OWZMV0s4VFps
-b29yTjJpVDYxT1E4Y0diM0JyOGw2ang2YkE9PSJ9
------END ENCRYPTED COSIGN PRIVATE KEY-----
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 75632ea1..5ba5bf0b 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -43,11 +43,16 @@ jobs:
         uses: sigstore/cosign-installer@main
         with:
           cosign-release: 'v1.2.1'
+      - name: write cosign.key to environment
+        run: 'echo "$COSIGN_KEY" > .github/cosign.key'
+        shell: bash
+        env:
+          COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
           distribution: goreleaser
-          version: latest
+          version: 'v0.180.2'
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 911f0541..3ef2e039 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,6 @@ dist
 
 # VSCode configuration
 .vscode
+
+# ignore cosign private key
+cosign.key
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 0953c428..518b61a2 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -6,7 +6,7 @@ builds:
       - "-extldflags=-znow"
       - "-X main.tag={{.Version}}"
       - "-X main.commit={{.FullCommit}}"
-      - "-X main.date={{.Date}}"
+      - "-X main.date={{.CommitDate}}"
     env:
       - "CGO_ENABLED=0"
       - "GO111MODULE=on"
diff --git a/cmd/in-toto/version.go b/cmd/in-toto/version.go
index 6378440f..aa306c10 100644
--- a/cmd/in-toto/version.go
+++ b/cmd/in-toto/version.go
@@ -14,7 +14,7 @@ var (
 var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Display the version of the in-toto CLI tool",
-	Long:  `Display the commit ID, the date and the version tag of the in-toto CLI as embedded by the build system.`,
+	Long:  `Display the commit ID, the build date and the version tag of the in-toto CLI as embedded by the build system.`,
 	RunE:  version,
 }
 
diff --git a/cosign.pub b/cosign.pub
index a4732efc..0d0e8be4 100644
--- a/cosign.pub
+++ b/cosign.pub
@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2aAPtd19aLTQNfMnspdWzs2e0ieD
-NxbkxAfrlSrJ7t/CUdQVlzqRydZQ1HnRfGmB6xPW6U7BDFUexVYLMTMOBQ==
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESv8K4ZaLK5ZQcjycNcuHCY2zYE65
+vagRvLoqo/ugR/52+ZLcq3DW41pfyjK0XVNSCqpdIaA0qUkmkDcwgwKFUg==
 -----END PUBLIC KEY-----