diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a36fb9d..3eda9ac 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,6 +31,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build]
     environment: test-pypi
+    permissions:
+      # this permission is mandatory for trusted publishing
+      id-token: write
     steps:
     - uses: actions/download-artifact@v3
       with:
@@ -39,7 +42,6 @@ jobs:
     - name: Publish packages to Test PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        password: '${{ secrets.TEST_PYPI_API_TOKEN }}'
         repository_url: https://test.pypi.org/legacy/
         print_hash: true
   publish-to-pypi:
@@ -47,6 +49,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build]
     environment: pypi
+    permissions:
+      # this permission is mandatory for trusted publishing
+      id-token: write
     steps:
     - uses: actions/download-artifact@v3
       with:
@@ -55,5 +60,4 @@ jobs:
     - name: Publish packages to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        password: '${{ secrets.PYPI_API_TOKEN }}'
         print_hash: true