diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index d2f91e4..61c50b6 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -14,6 +14,8 @@ jobs:
           - miniforge-variant: Mambaforge
             miniforge-version: 4.11.0-4
     runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v2
@@ -63,10 +65,8 @@ jobs:
           twine check --strict dist/*
 
       - name: publish to test pypi
-        uses: pypa/gh-action-pypi-publish@master
+        uses: pypa/gh-action-pypi-publish@release/v1
         if: github.event_name == 'push' # This step will only run on pushes
         with:
-          user: __token__
           password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository_url: https://test.pypi.org/legacy/
-          skip_existing: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4d5adc3..91e59d2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,7 +9,8 @@ jobs:
   release:
     name: create release
     runs-on: ubuntu-latest
-
+    permissions:
+      id-token: write
     strategy:
       matrix:
         python-versions: ["3.10"]
@@ -63,6 +64,4 @@ jobs:
       - name: publish to pypi
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          user: __token__
           password: ${{ secrets.PYPI_API_TOKEN }}
-          skip_existing: true