diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index a2e8589..baa1e76 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -97,6 +97,9 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
     needs: [macos, linux, windows, sdist]
     steps:
       - uses: actions/download-artifact@v4
@@ -104,8 +107,6 @@ jobs:
       - name: Publish to PyPI
         uses: messense/maturin-action@v1
         if: github.event_name == 'release' && github.event.action == 'published'
-        env:
-          MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
         with:
           command: upload
           args: --skip-existing wheels-*/*