diff --git a/.github/workflows/pypi-ci.yml b/.github/workflows/pypi-ci.yml
index 6d5d97a..7251dd7 100644
--- a/.github/workflows/pypi-ci.yml
+++ b/.github/workflows/pypi-ci.yml
@@ -46,6 +46,11 @@ jobs:
     runs-on: ubuntu-24.04
     needs: [build_wheels]
     if: startsWith(github.ref, 'refs/tags')
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
       - name: Download artifacts
         uses: actions/download-artifact@v4
@@ -55,5 +60,3 @@ jobs:
 
       - name: Publish distribution 📦 to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}