diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f6fda7ec..bec89bc5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -29,12 +29,13 @@ jobs:
           path: dist/
 
   publish:
-    # TODO: trusted publisher
-    # https://docs.astral.sh/uv/guides/publish/#publishing-your-package
     name: Publish on PyPI
     runs-on: ubuntu-latest
     environment:
       name: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for Trusted Publishing
+      id-token: write
     needs: build
     steps:
       - name: Checkout source
@@ -50,5 +51,3 @@ jobs:
 
       - name: Publish on PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}