diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 00411e7..f90208a 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -3,7 +3,6 @@ name: Nightly
 on: 
   schedule: 
     - cron: "0 8 * * *"
-  workflow_dispatch:
   
 jobs:
   build:
diff --git a/.github/workflows/oneoff.yml b/.github/workflows/oneoff.yml
new file mode 100644
index 0000000..4c5da3c
--- /dev/null
+++ b/.github/workflows/oneoff.yml
@@ -0,0 +1,64 @@
+name: One-Off Build
+
+on: 
+  workflow_dispatch:
+  
+jobs:
+  build:
+    runs-on: macos-26
+    permissions:
+      id-token: write
+      contents: write
+      attestations: write
+      actions: read
+    timeout-minutes: 10
+    steps:
+    - uses: actions/checkout@v5
+    - name: Setup Signing
+      env: 
+        SIGNING_DATA: ${{ secrets.SIGNING_DATA }}
+        SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
+        HOST_PROFILE_DATA: ${{ secrets.HOST_PROFILE_DATA }}
+        AGENT_PROFILE_DATA: ${{ secrets.AGENT_PROFILE_DATA }}
+        APPLE_API_KEY_DATA: ${{ secrets.APPLE_API_KEY_DATA }}
+        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+      run: ./.github/scripts/signing.sh
+    - name: Set Environment
+      run: sudo xcrun xcode-select -s /Applications/Xcode_26.1.app
+    - name: Update Build Number
+      env:
+        RUN_ID: ${{ github.run_id }}
+      run: |
+            DATE=$(date "+%Y-%m-%d")
+            sed -i '' -e "s/GITHUB_CI_VERSION/0.0.0_oneoff-$DATE/g" Sources/Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Sources/Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Sources/Config/Config.xcconfig
+    - name: Build
+      run: xcrun xcodebuild -project Sources/Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
+    - name: Move to Artifact Folder
+      run: mkdir Artifact; cp -r Archive.xcarchive/Products/Applications/Secretive.app Artifact
+    - name: Upload App to Artifacts
+      id: upload
+      uses: actions/upload-artifact@v4
+      with:
+        name: Secretive
+        path: Artifact
+    - name: Download Zipped Artifact
+      id: download
+      env: 
+        ZIP_ID: ${{ steps.upload.outputs.artifact-id }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+            curl -L -H "Authorization: Bearer $GITHUB_TOKEN" -L \
+            https://api.github.com/repos/maxgoedjen/secretive/actions/artifacts/$ZIP_ID/zip > Secretive.zip
+    - name: Notarize
+      env: 
+        APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
+        APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
+      run: xcrun notarytool submit --key ~/.private_keys/AuthKey_$APPLE_API_KEY_ID.p8 --key-id $APPLE_API_KEY_ID --issuer $APPLE_API_ISSUER Secretive.zip
+    - name: Attest
+      id: attest
+      uses: actions/attest-build-provenance@v2
+      with:
+        subject-name: "Secretive.zip"
+        subject-digest: sha256:${{ steps.upload.outputs.artifact-digest }}