diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index bdf917391..293f13af0 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -10,6 +10,9 @@ jobs: pypi: runs-on: ubuntu-latest + environment: release + permissions: + id-token: write steps: - uses: actions/checkout@v3 @@ -22,12 +25,12 @@ jobs: - name: Install dependencies run: pip install --user -U pip poetry - - name: Build and publish - env: - _PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }} + - name: Build run: | poetry install poetry build - poetry config repositories.testpypi https://test.pypi.org/legacy/ - poetry config pypi-token.testpypi $_PASSWORD - poetry publish --repository testpypi + + - name: Publish + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2355d7d53..0168c12e6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,6 +30,9 @@ jobs: pypi: runs-on: ubuntu-latest + environment: release + permissions: + id-token: write steps: - uses: actions/checkout@v3 @@ -42,11 +45,10 @@ jobs: - name: Install dependencies run: pip install --user --upgrade pip poetry - - name: Build and publish - env: - _PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }} + - name: Build run: | poetry install poetry build - poetry config pypi-token.pypi $_PASSWORD - poetry publish + + - name: Publish + uses: pypa/gh-action-pypi-publish@release/v1
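Review bot: `id-token: write` is granted to the whole `pypi` job, so the `pip install`, `poetry install` and `poetry build` steps run in the same job that holds the OIDC publishing permission; the matching hunk in release.yml has the same shape. Building in a separate job that has only `contents: read` and handing `dist/` to a publish-only job keeps third-party install and build code away from that permission. A job-level `permissions:` block also sets every unlisted scope to none, so `contents: read` should be stated explicitly wherever `actions/checkout` runs. The job bodies continue outside the hunk, so the split below is a sketch, with the artifact action refs left as placeholders.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, the steps up to Install dependencies, Build …
      - uses: actions/upload-artifact@<pinned-ref>
        with:
          name: dist
          path: dist/

  pypi:
    needs: build
    runs-on: ubuntu-latest
    environment: release
    permissions:
      id-token: write
    steps:
      - uses: actions/download-artifact@<pinned-ref>
        with:
          name: dist
          path: dist/
      # … unchanged: Publish step …
```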
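Review bot: The new Publish step references `pypa/gh-action-pypi-publish@release/v1`, a branch ref that can move, and it runs in the job that holds `id-token: write`, so whatever that ref resolves to at run time is what publishes the package. Pinning to a reviewed commit, `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, and letting Dependabot or Renovate propose bumps makes each update an explicit, reviewable change. The same line is added in the second release.yml hunk. `TEST_PYPI_TOKEN` is no longer referenced in the lines shown, so if nothing else uses it, the secret and the index token behind it can be revoked once trusted publishing is confirmed working.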
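Review bot: `environment: release` is the same environment name the release-check.yml hunk gives to the TestPyPI job, so any protection rules on it (required reviewers, branch or tag restrictions) and any trusted-publisher binding that names it are shared between the dry run and the real upload. Giving the check workflow its own name, for example `environment: release-check`, would let this environment carry strict rules without blocking the check, and would keep the PyPI publisher entry specific to this workflow. The environment's settings are not visible in the diff, so this needs confirming against the repository configuration. A comment above the key, such as `# PyPI trusted publisher is bound to this workflow file and the "release" environment`, would record why the name must not be changed casually.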