diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a019b84..d52dc3c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -84,6 +84,8 @@ jobs:
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
diff --git a/.github/workflows/release-pypi.yml b/.github/workflows/release-pypi.yml
index 00249a2..f28b358 100644
--- a/.github/workflows/release-pypi.yml
+++ b/.github/workflows/release-pypi.yml
@@ -26,6 +26,7 @@ jobs:
           name: package-distributions
           github-token: ${{ secrets.RELEASE_TOKEN }}
           path: dist/
+          persist-credentials: false
       - name: Sign the dists
         uses: sigstore/gh-action-sigstore-python@v2.1.1
         with: