diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index ef7a9ea5..878c2999 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -1,7 +1,4 @@
-# This workflows will upload a Python Package using Twine when a release is created
-# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
-
-name: Upload Python Package
+name: Publish
 
 on:
   release:
@@ -12,9 +9,14 @@ on:
 
 jobs:
   deploy:
+    name: Upload to PyPI
 
     runs-on: ubuntu-latest
 
+    permissions:
+      # IMPORTANT: this permission is mandatory for Trusted Publishing
+      id-token: write
+
     steps:
     - uses: actions/checkout@v5
     - name: Set up Python
@@ -28,7 +30,11 @@ jobs:
         virtualenvs-create: true
         virtualenvs-in-project: true
 
-    - name: Build and publish
+    - name: Build
       run: |
         poetry build -vvv
-        poetry publish -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_PASSWORD }}
+        ls -lh dist/
+
+    # https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing
+    - name: Publish package distributions to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1