diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index cbc4261..3df2174 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -57,10 +57,16 @@ jobs:
       - name: Test with pytest
         run: poetry run pytest
 
-  deploy:
+  pypi-publish:
+    name: upload release to PyPI
     needs: test
     runs-on: ubuntu-latest
-    name: Build and publish the package to PYPI
+    permissions:
+      # IMPORTANT: this permission is mandatory for Trusted Publishing
+      id-token: write
+    # only run on tagged commits
+    if: startsWith(github.ref, 'refs/tags')
+
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python 3.10
@@ -75,8 +81,4 @@ jobs:
         run: python -m build --sdist --wheel --outdir dist/ .
 
       - name: Publish distribution to PyPI
-        if: startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
-          verbose: true