diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml index 5372d59..9031ed9 100644 --- a/.github/workflows/publish-cli.yml +++ b/.github/workflows/publish-cli.yml @@ -275,6 +275,59 @@ jobs: fi } + append_historical_assets() { + local version="$1" + local asset + local versioned_asset + local base + local assets=() + + while IFS= read -r asset; do + assets+=("${asset##*/}") + done < <(find dist/release-assets -maxdepth 1 -type f | sort) + + for asset in "${assets[@]}"; do + case "$asset" in + SHA256SUMS) + continue + ;; + *.exe.sigstore.json) + base="${asset%.exe.sigstore.json}" + versioned_asset="${base}-${version}.exe.sigstore.json" + ;; + *.sh.sigstore.json) + base="${asset%.sh.sigstore.json}" + versioned_asset="${base}-${version}.sh.sigstore.json" + ;; + *.sigstore.json) + base="${asset%.sigstore.json}" + versioned_asset="${base}-${version}.sigstore.json" + ;; + *.exe) + base="${asset%.exe}" + versioned_asset="${base}-${version}.exe" + ;; + *.sh) + base="${asset%.sh}" + versioned_asset="${base}-${version}.sh" + ;; + *) + versioned_asset="${asset}-${version}" + ;; + esac + cp "dist/release-assets/${asset}" "dist/release-assets/${versioned_asset}" + done + + ( + cd dist/release-assets + local versioned_assets=() + while IFS= read -r asset; do + versioned_assets+=("${asset#./}") + done < <(find . -maxdepth 1 -type f -name "*${version}*" ! -name "SHA256SUMS-${version}" | sort) + shasum -a 256 "${versioned_assets[@]}" > "SHA256SUMS-${version}" + ) + } + RELEASE_FLAGS=() if [ "$RELEASE_PRERELEASE" = "true" ]; then RELEASE_FLAGS+=(--prerelease) @@ -294,6 +347,7 @@ jobs: git tag "$RELEASE_TAG" "$GITHUB_SHA" git push origin "refs/tags/${RELEASE_TAG}" fi + append_historical_assets "$RELEASE_TAG" git tag -f nightly "$GITHUB_SHA" git push origin refs/tags/nightly --force publish_release nightly "$RELEASE_TITLE" "$NIGHTLY_ALIAS_NOTES" --prerelease --latest=false 
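Review bot: `SHA256SUMS-${version}` is generated in `append_historical_assets` after the assets were signed, so it has no Sigstore bundle of its own. If the dist directory also holds a `SHA256SUMS.sigstore.json` (not visible in this hunk), the `*.sigstore.json` arm would copy it to a versioned name whose bundle cannot verify the newly generated checksum file. Skipping that bundle together with the checksum file, `SHA256SUMS | SHA256SUMS.sigstore.json) continue ;;`, and signing the per-version checksum file wherever the other assets are signed would keep the historical set verifiable end to end. Separately, if the second `find` matches nothing, `shasum -a 256` runs with no operands and reads stdin; a guard such as `[ "${#versioned_assets[@]}" -gt 0 ] || exit 1` before it makes the step fail instead.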
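Review bot: `$RELEASE_TAG` is passed to `append_historical_assets` without a format check, and the function uses it in asset file names and in the `find -name "*${version}*"` glob. The installer in this commit only resolves pinned nightlies that match `^v0\.0\.[0-9]+-nightly\.[0-9]{8}\.[0-9]+$`. Where the tag is built is outside this hunk, so this may already be guaranteed. If this branch only ever handles nightly tags, a check before the call such as `[[ "$RELEASE_TAG" =~ ^v0\.0\.[0-9]+-nightly\.[0-9]{8}\.[0-9]+$ ]] || exit 1` would stop the workflow from publishing versioned assets that no installer selector can fetch. The surrounding step starts and ends outside the hunk.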
diff --git a/scripts/install-volcano.sh b/scripts/install-volcano.sh index 3896445..f95423c 100755 --- a/scripts/install-volcano.sh +++ b/scripts/install-volcano.sh @@ -67,6 +67,7 @@ verify_signature() { local bundle="$2" local version="$3" local semver_re + local nightly_re local identity if [ "${VOLCANO_SKIP_SIGNATURE_VERIFICATION:-}" = "1" ]; then @@ -75,6 +76,7 @@ verify_signature() { fi semver_re='^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$' + nightly_re='^v0\.0\.[0-9]+-nightly\.[0-9]{8}\.[0-9]+$' case "$version" in latest) cosign verify-blob "$file" \ @@ -95,8 +97,13 @@ verify_signature() { --bundle "$bundle" \ --certificate-identity "$identity" \ --certificate-oidc-issuer "$VOLCANO_SIGNATURE_OIDC_ISSUER" + elif [[ "$version" =~ $nightly_re ]]; then + cosign verify-blob "$file" \ + --bundle "$bundle" \ + --certificate-identity "$VOLCANO_NIGHTLY_SIGNATURE_IDENTITY" \ + --certificate-oidc-issuer "$VOLCANO_SIGNATURE_OIDC_ISSUER" else - fail "cannot verify signature for unsupported Volcano CLI version selector: ${version}; use latest, nightly, or vMAJOR.MINOR.PATCH" + fail "cannot verify signature for unsupported Volcano CLI version selector: ${version}; use latest, nightly, vMAJOR.MINOR.PATCH, or v0.0.N-nightly.YYYYMMDD.NUMBER" fi ;; esac @@ -108,8 +115,11 @@ release_asset_url() { local version="$1" local asset="$2" local semver_re + local nightly_re + local versioned_asset semver_re='^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$' + nightly_re='^v0\.0\.[0-9]+-nightly\.[0-9]{8}\.[0-9]+$' case "$version" in latest) echo "${VOLCANO_GITHUB_RELEASES_URL%/}/latest/download/${asset}" 
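Review bot: The `nightly_re` pattern is written out twice, here in `verify_signature` and again in the `release_asset_url` hunk below, next to an equally duplicated `semver_re`. One copy decides which signing identity a version is checked against and the other decides which URL it is downloaded from, so an edit to only one of them would make the two functions disagree about what counts as a nightly version. Defining the pattern once at file scope, for example `readonly NIGHTLY_VERSION_RE='^v0\.0\.[0-9]+-nightly\.[0-9]{8}\.[0-9]+$'` (the name is only a suggestion), and using it in both functions removes that risk. Both function bodies extend outside their hunks.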
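Review bot: The new `elif` branch checks every pinned nightly against the single `$VOLCANO_NIGHTLY_SIGNATURE_IDENTITY`. A passing `cosign verify-blob` therefore shows that the file was signed by the nightly pipeline, not that it is the build named by `${version}`; the version is carried only by the asset file name under the re-tagged `nightly` release. If the semver branch derives `$identity` from the requested tag (its construction is outside this hunk), pinned nightlies get a weaker guarantee than pinned releases. I would state that in a comment above the branch, e.g. `# nightly identity is shared by all nightly builds: this proves provenance, not that the blob is ${version}`. If the CLI can report its build version, the installer could also compare it with the requested selector after installation.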
@@ -120,8 +130,14 @@ release_asset_url() { *) if [[ "$version" =~ $semver_re ]]; then echo "${VOLCANO_GITHUB_RELEASES_URL%/}/download/${version}/${asset}" + elif [[ "$version" =~ $nightly_re ]]; then + versioned_asset="${asset}-${version}" + if [[ "$asset" == *.exe ]]; then + versioned_asset="${asset%.exe}-${version}.exe" + fi + echo "${VOLCANO_GITHUB_RELEASES_URL%/}/download/nightly/${versioned_asset}" else - fail "unsupported Volcano CLI version selector: ${version}; use latest, nightly, or vMAJOR.MINOR.PATCH" + fail "unsupported Volcano CLI version selector: ${version}; use latest, nightly, vMAJOR.MINOR.PATCH, or v0.0.N-nightly.YYYYMMDD.NUMBER" fi ;; esac
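Review bot: The nightly branch of `release_asset_url` only moves the version in front of `.exe`, while the publishing workflow in this same commit also places it in front of `.sigstore.json`, `.exe.sigstore.json`, `.sh` and `.sh.sigstore.json`. If this function is also called for the Sigstore bundle (its callers are outside the hunk), it would request `NAME.sigstore.json-VERSION`, which the workflow never uploads, so the signature check for a pinned nightly could not obtain its bundle. Mirroring the workflow's suffix table keeps the two sides in step. The enclosing `case` and the function continue outside the hunk.

```shell
      elif [[ "$version" =~ $nightly_re ]]; then
        # Keep this suffix table identical to the one the publish workflow
        # uses when it creates the versioned copies.
        case "$asset" in
          *.exe.sigstore.json)
            versioned_asset="${asset%.exe.sigstore.json}-${version}.exe.sigstore.json"
            ;;
          *.sh.sigstore.json)
            versioned_asset="${asset%.sh.sigstore.json}-${version}.sh.sigstore.json"
            ;;
          *.sigstore.json)
            versioned_asset="${asset%.sigstore.json}-${version}.sigstore.json"
            ;;
          *.exe)
            versioned_asset="${asset%.exe}-${version}.exe"
            ;;
          *.sh)
            versioned_asset="${asset%.sh}-${version}.sh"
            ;;
          *)
            versioned_asset="${asset}-${version}"
            ;;
        esac
        echo "${VOLCANO_GITHUB_RELEASES_URL%/}/download/nightly/${versioned_asset}"
      # … unchanged: else branch with the unsupported-selector failure …
```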