diff --git a/.github/scripts/ephemeral-gen.sh b/.github/scripts/ephemeral-gen.sh
index fc1e58d6..2fd12ca4 100755
--- a/.github/scripts/ephemeral-gen.sh
+++ b/.github/scripts/ephemeral-gen.sh
@@ -2,7 +2,6 @@
 
 set -euxo pipefail
 
-cargo binstall -y rsign2 rage
 rsign generate -f -W -p minisign.pub -s minisign.key
 
 set +x
diff --git a/.github/scripts/ephemeral-sign.sh b/.github/scripts/ephemeral-sign.sh
index ef458e58..ae677d57 100755
--- a/.github/scripts/ephemeral-sign.sh
+++ b/.github/scripts/ephemeral-sign.sh
@@ -7,7 +7,6 @@ cat >> age.key <<< "$AGE_KEY_SECRET"
 
 set -x
 
-cargo binstall -y rsign2 rage
 rage --decrypt --identity age.key --output minisign.key minisign.key.age
 
 ts=$(node -e 'console.log((new Date).toISOString())')
diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml
index bf4bb152..4aaf0322 100644
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@@ -34,7 +34,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+
     - uses: cargo-bins/cargo-binstall@main
+    - name: Install binaries required
+      run: cargo binstall -y --force rsign2 rage
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     - name: Create ephemeral keypair
       id: keypair
       env:
diff --git a/.github/workflows/release-packages.yml b/.github/workflows/release-packages.yml
index b8085961..feff50e7 100644
--- a/.github/workflows/release-packages.yml
+++ b/.github/workflows/release-packages.yml
@@ -62,13 +62,10 @@ jobs:
       if: inputs.CARGO_PROFILE_RELEASE_CODEGEN_UNITS
       run: echo "CARGO_PROFILE_RELEASE_CODEGEN_UNITS=${{ inputs.CARGO_PROFILE_RELEASE_CODEGEN_UNITS }}" >> "$GITHUB_ENV"
 
-    - uses: cargo-bins/cargo-binstall@main
     - uses: ./.github/actions/just-setup
       with:
-        tools: cargo-auditable
+        tools: cargo-auditable,rsign2,rage
       env:
-        # just-setup use binstall to install sccache and cargo-auditable,
-        # which works better when we provide it with GITHUB_TOKEN.
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     - run: just toolchain rust-src
@@ -135,10 +132,12 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    - uses: cargo-bins/cargo-binstall@main
+
     - uses: taiki-e/install-action@v2
       with:
-        tool: just
+        tool: just,rsign2,rage
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     - uses: actions/download-artifact@v3
       with: