diff --git a/.gitignore b/.gitignore
index 8ea8be6..cfa7261 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Node
 node_modules/
 .env
+*.env
 *.log
 .DS_Store
 
diff --git a/main/static/entitlements.mac.plist b/main/static/entitlements.mac.plist
new file mode 100644
index 0000000..bb87459
--- /dev/null
+++ b/main/static/entitlements.mac.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+  </dict>
+</plist>
\ No newline at end of file
diff --git a/scripts/notarize.js b/scripts/notarize.js
new file mode 100644
index 0000000..6b2f245
--- /dev/null
+++ b/scripts/notarize.js
@@ -0,0 +1,40 @@
+/**
+ * Source: https://github.com/electron-userland/electron-builder/issues/3870#issuecomment-498786448
+ * Source: https://kilianvalkhof.com/2019/electron/notarizing-your-electron-application/
+ */
+
+require('dotenv').config()
+
+const { notarize } = require('electron-notarize')
+
+exports.default = async function notarizing(context) {
+  const { electronPlatformName, appOutDir } = context
+
+  if (electronPlatformName !== 'darwin') {
+    return
+  }
+
+  if (!(process.env.APPLE_ID && process.env.APPLE_ID_PASSWORD)) {
+    console.warn(
+      'Skipping macOS app notarization.' +
+        ' Missing one or more environment vars (APPLE_ID, APPLE_ID_PASSWORD).'
+    )
+    return
+  }
+
+  if (process.env.DEV_BUILD) {
+    console.warn(
+      'Skipping macOS app notarization in development build. Do not publish'
+    )
+    return
+  }
+
+  const appName = context.packager.appInfo.productFilename
+
+  return await notarize({
+    appBundleId: 'pm.there.desktop',
+    appPath: `${appOutDir}/${appName}.app`,
+    appleId: process.env.APPLE_ID,
+    appleIdPassword: process.env.APPLE_ID_PASSWORD,
+  })
+}