diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index a1eb1a0c..52f43106 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -57,14 +57,14 @@ jobs:
             --signature "${dist_base}.sig" \
             --cert "${dist_base}.crt" \
             --cert-oidc-issuer https://token.actions.githubusercontent.com \
-            --cert-identity ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/build_and_sign_demand.yml@${GITHUB_REF}
+            --cert-identity ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/python-publish.yml@${GITHUB_REF}
 
           # Verify using `.sigstore` bundle;
           python -m \
             sigstore verify identity "${dist}" \
             --bundle "${dist_base}.sigstore" \
             --cert-oidc-issuer https://token.actions.githubusercontent.com \
-            --cert-identity ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/build_and_sign_demand.yml@${GITHUB_REF}
+            --cert-identity ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/.github/workflows/python-publish.yml@${GITHUB_REF}
           done
     - name: List artifacts after sign
       run: ls ./dist