diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 3bdc3e72..751f93a0 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -5,12 +5,15 @@ on:
 env:
   IMAGE: ghcr.io/navikt/familie-klage:${{ github.sha }}
 
+permissions:
+  contents: "read"
+  id-token: "write"
+  packages: "write"
+
 jobs:
   build:
     name: Build, push and deploy to dev-gcp
     runs-on: ubuntu-latest
-    permissions:
-      packages: "write"
     steps:
       - uses: actions/checkout@v4
         with:
@@ -41,6 +44,5 @@ jobs:
       - uses: actions/checkout@v4
       - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .deploy/preprod.yaml
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index 75ab6bf5..998ad382 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -12,12 +12,15 @@ on:
 env:
   IMAGE: ghcr.io/navikt/familie-klage:${{ github.sha }}
 
+permissions:
+  contents: "read"
+  id-token: "write"
+  packages: "write"
+
 jobs:
   build:
     name: Build, push and deploy to dev-gcp and prod-gcp
     runs-on: ubuntu-latest
-    permissions:
-      packages: "write"
     steps:
       - uses: actions/checkout@v4
         with:
@@ -55,13 +58,11 @@ jobs:
       - name: Deploy til dev-gcp
         uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .deploy/preprod.yaml
       - name: Deploy til prod-gcp
         uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-gcp
           RESOURCE: .deploy/prod.yaml
       - name: Post deploy failures to Slack