diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 077fafa..703bb85 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -74,3 +74,38 @@ jobs:
 body: ""
 token: ${{ secrets.GITHUB_TOKEN }}
 draft: true
+
+ release-version:
+ name: Upload version.json
+ runs-on: ubuntu-20.04
+ needs:
+ - setup
+ - release
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+ with:
+ ref: ${{ needs.setup.outputs.branch-name }}
+
+ - name: Login to Azure
+ uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010
+ with:
+ creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+ - name: Retrieve secrets
+ id: retrieve-secrets
+ uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+ with:
+ keyvault: "bitwarden-prod-kv"
+ secrets: "aws-selfhost-version-access-id, aws-selfhost-version-access-key"
+
+ - name: Upload version.json to S3 bucket
+ env:
+ AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-selfhost-version-access-key }}
+ AWS_DEFAULT_REGION: 'us-west-2'
+ AWS_S3_BUCKET_NAME: 's3://public-s3-bitwarden-selfhost-version-artifact'
+ run: |
+ aws s3 cp version.json $AWS_S3_BUCKET_NAME \
+ --acl "public-read" \
+ --quiet
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..05f4ccb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# Secrets file for act (gh actions local run tool)
+.secrets
\ No newline at end of file
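Review bot: The new `release-version` job in .github/workflows/release.yml loads production Key Vault credentials and an AWS write key but declares no `permissions:` of its own, so its GITHUB_TOKEN gets whatever the workflow or repository default grants. Since the job only checks out the repo, I would add `permissions:` with `contents: read` under `release-version:`; the top of the workflow is outside this hunk, so a workflow-level block may already cover it. The checkout uses the branch name from `needs.setup.outputs.branch-name` rather than a commit SHA, so the `version.json` published with `--acl "public-read"` is whatever sits at the branch tip when this job runs, which may not be the commit the `release` job built from; pinning `ref:` to the released SHA would close that gap, if `setup` exposes one. As a smaller point, the bucket variable in the `run:` script should be quoted: `aws s3 cp version.json "$AWS_S3_BUCKET_NAME" \`.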