diff --git a/.github/workflows/template_release_drafter.yml b/.github/workflows/template_release_drafter.yml
index e4d9b44..3ab319d 100644
--- a/.github/workflows/template_release_drafter.yml
+++ b/.github/workflows/template_release_drafter.yml
@@ -16,6 +16,13 @@ on:
 version:
 required: false
 type: string
+ secrets:
+ token:
+ required: false
+ app_id:
+ required: true
+ private_key:
+ required: true
 jobs:
 update_release_draft:
@@ -23,7 +30,18 @@ jobs:
 name: update release draft
 runs-on: ubuntu-22.04
+ env:
+ USING_APP_CREDENTIALS: ${{ secrets.app_id != '' && secrets.private_key != '' }}
+
 steps:
+ - name: Get App Token
+ if: ${{ env.USING_APP_CREDENTIALS == 'true' }}
+ uses: tibdex/github-app-token@v2.1.0
+ id: get_token
+ with:
+ app_id: ${{ secrets.app_id }}
+ private_key: ${{ secrets.private_key }}
+
 - name: Update Release
 uses: release-drafter/release-drafter@v5.25.0
 with:
@@ -32,4 +50,4 @@ jobs:
 tag: ${{ inputs.tag }}
 version: ${{ inputs.version }}
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ env.USING_APP_CREDENTIALS == 'true' && steps.get_token.outputs.token || secrets.token }}
diff --git a/README.md b/README.md
index 392a2e1..0cb9c83 100644
--- a/README.md
+++ b/README.md
@@ -239,6 +239,13 @@ jobs:
 tag: vX.Y.Z
 # optional: version to be associated with the release
 version: X.Y.Z
+ secrets:
+ # optional: access token for the release drafter
+ token: ${{ }}
+ # optional: identifier of the GitHub App for authentication
+ app_id: ${{ }}
+ # optional: private key of the GitHub App
+ private_key: ${{ }}
 ```
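Review bot: `app_id` and `private_key` are declared `required: true` in the new `secrets:` block, but the job-level `USING_APP_CREDENTIALS` check, the `secrets.token` fallback and the README comments all treat them as optional. A caller that passes only `token` would be rejected for missing required secrets before any job runs, so the token path is effectively unreachable. It also pushes every caller to hand over a GitHub App private key even where a plain token would do. Declare both as `required: false` so the fallback is usable.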
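Review bot: The new `Get App Token` step passes the App's private key to `tibdex/github-app-token@v2.1.0`, a third-party action referenced by a mutable tag, so whatever code that tag points to at run time receives the key. Pin it to a full commit SHA, for example `uses: tibdex/github-app-token@<full-commit-sha> # v2.1.0`; the existing `release-drafter/release-drafter@v5.25.0` reference would benefit from the same treatment. The step also sets no scope, so the minted token presumably carries every permission of the App installation. If this version of the action accepts the `permissions` and `repositories` inputs, narrow the token to what release-drafter needs. The job's `steps:` list continues outside the hunk.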
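Review bot: When a caller supplies neither App credentials nor `token`, the new `GITHUB_TOKEN` expression evaluates to an empty string, whereas the removed line always supplied the automatic token. release-drafter would then presumably fail with an authentication error that does not point at the missing secret. Keep the previous behaviour as the last fallback, `... && steps.get_token.outputs.token || secrets.token || github.token }}`, or add an early step that fails with a clear message when no credential is present. The `Update Release` step starts outside the hunk.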
@@ -422,6 +429,8 @@ With the current implementation of the reusable workflows from GitHub, we have s
 - It isn't possible to [access environment variables][reusable-workflow-env] and [secrets][reusable-workflow-secrets], so it's necessary to pass them to the workflow. But we don't want to do it for all secrets.
+There are also some [further limitations][further-limitations] if you want to use the `GITHUB_TOKEN`.
+
 ## Release 🔖
 To create a new release just use [this page][release-new] and publish the draft release.
@@ -451,3 +460,4 @@ This project is licensed under the Apache-2.0 License - see the [LICENSE.md](LIC
 [release-new]: https://github.com/Staffbase/gha-workflows/releases
 [reusable-workflow-secrets]: https://github.com/orgs/community/discussions/17554
 [reusable-workflow-env]: https://github.com/orgs/community/discussions/26671
+[further-limitations]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow