diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml index e454659..be25ac1 100644 --- a/.github/workflows/provenance.yml +++ b/.github/workflows/provenance.yml @@ -1,4 +1,4 @@ -name: Create a Release with SLSA Provenance +name: Create a Release with signed SLSA Provenance on: create: diff --git a/README.md b/README.md index 3519e59..9008fae 100644 --- a/README.md +++ b/README.md @@ -47,3 +47,8 @@ Same as 1, plus: - [Service generated](https://slsa.dev/spec/v0.1/requirements#service-generated) - The provenance is generated by the build service, not directly by e.g. a developer. + +Demo: Create a new tag, e.g., `git tag -a v0.2.0 -m "v0.2.0"` and push it to +GitHub. Then you can download the provenance file and verify it using the +signature like so: `gpg --verify build.provenance.asc build.provenance`. +
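Review bot: In the `.github/workflows/provenance.yml` hunk, only the `name:` line changes to say "signed"; no signing step is visible in this patch. If the step that produces `build.provenance.asc` lands in a separate commit, reference it in the commit message. Otherwise add it here so the workflow name matches what the job actually does.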
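Review bot: In the `README.md` hunk, the demo command `gpg --verify build.provenance.asc build.provenance` does not say which public key the signature is expected to come from or where to obtain it. A reader either hits a missing public key error or ends up trusting whatever key they happen to import. Document the signing key's fingerprint and where it is published, and tell readers to compare the fingerprint in the gpg output against it. Also state that both `build.provenance` and `build.provenance.asc` must be downloaded, since the text only mentions "the provenance file". The hunk ends with an added blank line that can be dropped.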