diff --git a/.github/workflows/update-tuf-seeds.yml b/.github/workflows/update-tuf-seeds.yml
new file mode 100644
index 000000000..d7259dc5c
--- /dev/null
+++ b/.github/workflows/update-tuf-seeds.yml
@@ -0,0 +1,33 @@
+name: Update TUF Seeds
+
+on:
+  workflow_dispatch:
+  push:
+
+permissions:
+  contents: read
+
+jobs:
+  update-tuf-seeds:
+    runs-on: ubuntu-latest
+    env:
+      DEBUG: "tuf:*"
+      TUF_CACHE_PATH: ${{ runner.temp }}/tuf
+      TUF_MIRROR: https://tuf-repo-cdn.sigstore.dev
+    steps:
+      steps:
+      - name: Checkout source
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3
+      - name: Setup node
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+        with:
+          node-version: 18
+          cache: npm
+      - name: Install dependencies
+        run: npm ci
+      - name: Build sigstore-js
+        run: npm run build
+      - name: Init TUF cache
+        run: sigstore init --cache-path ${TUF_CACHE_PATH} --mirror ${TUF_MIRROR}
+      - name: ls
+        run: tree ${TUF_CACHE_PATH}