diff --git a/.gitignore b/.gitignore
index d469a498..e2efe76a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -310,3 +310,8 @@ GitHub.sublime-settings
 src/renderer/sw.js.map
 src/renderer/workbox-962786f2.js.map
 /src/renderer/musickit-dev.js
+
+#Mac certs
+*.p12
+keys.sh
+
diff --git a/build/afterPack.js b/build/afterPack.js
new file mode 100644
index 00000000..963caa17
--- /dev/null
+++ b/build/afterPack.js
@@ -0,0 +1,16 @@
+exports.default = function(context) {
+    const { execSync } = require('child_process')
+
+    console.log('Castlabs-evs update start')
+    execSync('python3 -m pip install --upgrade castlabs-evs')
+    console.log('Castlabs-evs update complete')
+
+    if (process.platform !== 'darwin')
+        return
+
+    console.log('VMP signing start')
+
+    execSync('python3 -m castlabs_evs.vmp -n sign-pkg dist/mac',{stdio: 'inherit'})
+    
+    console.log('VMP signing complete')
+}
\ No newline at end of file
diff --git a/build/entitlements.mac.plist b/build/entitlements.mac.plist
new file mode 100644
index 00000000..fcb8d4a3
--- /dev/null
+++ b/build/entitlements.mac.plist
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <!-- https://github.com/electron/electron-notarize#prerequisites -->
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <!-- https://github.cm/electron-userland/electron-builder/issues/3940 -->
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+  </dict>
+</plist>
\ No newline at end of file
diff --git a/build/notarize.js b/build/notarize.js
new file mode 100644
index 00000000..9e98e18c
--- /dev/null
+++ b/build/notarize.js
@@ -0,0 +1,20 @@
+
+  
+require('dotenv').config();
+  const { notarize } = require('electron-notarize');
+  
+exports.default = async function notarizing(context) {
+    const { electronPlatformName, appOutDir } = context;  
+    if (electronPlatformName !== 'darwin') {
+      return;
+    }
+  
+    const appName = context.packager.appInfo.productFilename;
+  
+    return await notarize({
+      appBundleId: 'com.ciderapp.cider',
+      appPath: `${appOutDir}/${appName}.app`,
+      appleId: process.env.APPLEID,
+      appleIdPassword: process.env.APPLEIDPASS,
+    });
+};
\ No newline at end of file
diff --git a/package.json b/package.json
index 70ae80f4..5da3fef3 100644
--- a/package.json
+++ b/package.json
@@ -31,6 +31,8 @@
     "ejs": "^3.1.6",
     "electron-fetch": "^1.7.4",
     "electron-log": "^4.4.4",
+    "electron-notarize": "^1.1.1",
+    "electron-packager": "^15.4.0",
     "electron-store": "^8.0.1",
     "electron-updater": "^4.6.1",
     "electron-window-state": "^5.0.3",
@@ -92,6 +94,8 @@
       "mirror": "https://github.com/castlabs/electron-releases/releases/download/v"
     },
     "appId": "cider",
+    "afterPack": "./build/afterPack.js",
+    "afterSign": "./build/notarize.js",
     "protocols": [
       {
         "name": "Cider",
@@ -142,10 +146,16 @@
       "output": "dist"
     },
     "mac": {
+      "hardenedRuntime": true,
+      "gatekeeperAssess": false,
       "icon": "./resources/icons/icon.icns",
       "category": "public.app-category.music",
-      "entitlements": "resources/entitlements.mac.plist",
-      "darkModeSupport": true
+      "entitlements": "build/entitlements.mac.plist",
+      "entitlementsInherit": "build/entitlements.mac.plist",
+      "darkModeSupport": true,
+      "target": [
+        "dmg"
+      ]
     }
   }
 }