diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 26915feca..a6c944cc3 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -25,6 +25,6 @@ Feel free to edit, complete or extend this list while the PR is open. ### Checklist -- [ ] Update [CHANGELOG.md](https://github.com/edgelesssys/constellation/blob/main/CHANGELOG.md) - [ ] Update [docs](https://github.com/edgelesssys/constellation/tree/main/docs) +- [ ] Add labels (e.g., for changelog category) - [ ] Link to Milestone diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 000000000..8888e3d74 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,21 @@ +changelog: + exclude: + labels: + - no-changelog + - dependencies + categories: + - title: 🛠 Breaking changes + labels: + - breaking-change + - title: 🎁 New features + labels: + - feature + - title: 🛡 Security improvements + labels: + - security-fix + - title: 🐛 Bug fixes + labels: + - bug-fix + - title: 🔧 Other changes + labels: + - "*" diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index aab17cd15..000000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,171 +0,0 @@ - - -# Changelog - -All notable changes to Constellation will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -## [Unreleased] - -### Added - -### Changed - - -### Deprecated - - -### Removed - - -### Fixed - -### Security - - -## [2.3.0] - 2022-12-12 - -### Added - -- Automatic CSI driver deployment for Azure and GCP during Constellation init -- Release CLI with SLSA Level 3 requirements. -- Improve reproducibility by pinning the Kubernetes components. -- Client verification during `constellation init` -- Environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` as an alternative way to provide the configuration value `provider.azure.clientSecretValue`. - -### Changed - -- Constellation operators are now deployed using Helm. -- Updated the config version to v2. Check [how to migrate your config](https://docs.edgeless.systems/constellation/reference/config-migration). -- OS images are now configured globally in the `images` field of the configuration file. -- The `measurements` entry in the CLI now uses an updated format, merging `enforcedMeasurements` and old `measurements` into one -- Expected measurements in the config and Constellation's Cluster-ID are now hex encoded by default. Base64 is still supported. - -### Removed - -- `access-manager` was removed from code base. K8s native way to SSH into nodes documented. -- `SSHUsers` has been removed from the user configuration following the removal of `access-manager`. -- Azure Trusted Launch support. May come back in the future. - -### Fixed - -- `constellation create` on GCP now always uses the local default credentials. - -## [2.2.2] - 2022-11-17 - -### Fixed - -- `constellation create` on GCP now always uses the local default credentials. -- A release process error encountered in v2.2.1. 
This led to a broken QEMU-based Constellation deployment, where PCR[8] didn't match. - -## [2.2.1] - 2022-11-16 - -### Changed - -- Increase timeout for `constellation config fetch-measurements` from 3 seconds to 60 seconds. -- Consistently log CLI warnings and errors to `stderr`. - -### Security - -Vulnerabilities in `kube-apiserver` fixed by upgrading to v1.23.14, v1.24.8 and v1.25.4: - -- [CVE-2022-3162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3162) -- [CVE-2022-3294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3294) - -## [2.2.0] - 2022-11-08 - -### Added - -- Sign generated SBOMs and store container image SBOMs in registry for easier usage. -- Support for Constellation on AWS. -- Constellation Kubernetes services are now managed using Helm. -- Use tags to mark all applicable resources using a Constellation's UID on Azure. -- Use labels to mark all applicable resources using a Constellation's UID on GCP. - -### Changed - -- Verify measurements using [Rekor](https://github.com/sigstore/rekor) transparency log. -- The `constellation create` on Azure now uses Terraform to create and destroy cloud resources. -- Constellation OS images are now based on Fedora directly and are built using [mkosi](https://github.com/systemd/mkosi). -- `constellation terminate` will now prompt the user for confirmation before destroying any resources (can be skipped with `--yes`). -- Use the `constellation-role` tag instead of `role` to indicate an instance's role on Azure. -- Use labels instead of metadata to apply the `constellation-uid` and `constellation-role` tags on GCP. - -### Deprecated - -- `access-manager` is no longer deployed. - -### Removed - -- `endpoint` flag of `constellation init`. IP is now always taken from the `constellation-id.json` file. -- `constellation-state.json` file won't be created anymore. Resources are now managed through Terraform. 
- -### Fixed - -### Security - -### Internal - -## [2.1.0] - 2022-10-07 - -### Added - -- MiniConstellation: Try out Constellation locally without any cloud subscription required just with one command: `constellation mini up` -- Loadbalancer for control-plane recovery -- K8s conformance mode -- Local cluster creation based on QEMU -- Verification of Azure trusted launch attestation keys -- Kubernetes version v1.25 is now fully supported. -- Enabled Konnectivity. - -### Changed - -- Autoscaling is now directly managed inside Kubernetes, by the Constellation node operator. -- The `constellation create` on GCP now uses Terraform to create and destroy cloud resources. -- GCP instances are now created without public IPs by default. -- Kubernetes default version used in Constellation is now v1.24. - -### Deprecated - -### Removed - -- CLI options for autoscaling, as this is now managed inside Kubernetes. -- Kubernetes version v1.22 is no longer supported. - -### Fixed - -### Security - -Vulnerability inside the Go standard library fixed by updating to Go 1.19.2: - -- [GO-2022-1037](https://pkg.go.dev/vuln/GO-2022-1037) ([CVE-2022-2879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879)) -- [GO-2022-1038](https://pkg.go.dev/vuln/GO-2022-1038) ([CVE-2022-2880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880)) -- [GO-2022-0969](https://pkg.go.dev/vuln/GO-2022-0969) ([CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664)) - -### Internal - -## [2.0.0] - 2022-09-12 - -Initial release of Constellation. 
- -[Unreleased]: https://github.com/edgelesssys/constellation/compare/v2.1.0...HEAD -[2.1.0]: https://github.com/edgelesssys/constellation/compare/v2.0.0...v2.1.0 -[2.0.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.0.0 -[2.1.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.1.0 -[2.2.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.2.0 -[2.2.1]: https://github.com/edgelesssys/constellation/releases/tag/v2.2.1 -[2.2.2]: https://github.com/edgelesssys/constellation/releases/tag/v2.2.2 -[2.3.0]: https://github.com/edgelesssys/constellation/releases/tag/v2.3.0
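Review bot: In the `.github/pull_request_template.md` checklist, the new item `Add labels (e.g., for changelog category)` does not say which labels the release notes key on. Name them in the item or link to `.github/release.yml`: `breaking-change`, `feature`, `security-fix`, `bug-fix`, `no-changelog`. A PR merged without one of these falls through to the `"*"` entry and is listed under "Other changes", which is where an unlabelled security fix would end up.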
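Review bot: In `.github/release.yml`, the top-level `exclude.labels` lists `dependencies`, and that exclusion applies to the whole changelog, so a dependency bump that also carries `security-fix` never reaches the "Security improvements" category. The Security sections of the CHANGELOG.md deleted in this same patch were exactly that kind of change (the `kube-apiserver` upgrade to v1.23.14, v1.24.8 and v1.25.4, and the update to Go 1.19.2). Consider removing `dependencies` from the global exclude and excluding it per category instead (an `exclude.labels` entry under the "Other changes" category), or state in the contributor docs that security-relevant bumps must not carry the `dependencies` label.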
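Review bot: The `CHANGELOG.md` deletion removes the in-tree record of the Security entries for 2.2.1 and 2.1.0 (the CVE and GO vulnerability ids together with the versions that fix them) and the config-migration link under 2.3.0, and nothing in this patch shows that text being carried elsewhere. Before merging, confirm the release pages for v2.0.0 through v2.3.0 hold these entries, or keep the file as a frozen archive with a pointer to the releases page. Generated notes list PR titles, so going forward the advisory id and fixed version need to be in the title of each `security-fix` PR to keep the same level of detail.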