diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2f09d1e..c00e958 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,11 +12,14 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      # Needed for lerna version to determine last tag
+      # Needed for release-it to determine last tag and version history
       - name: Fetch
         run: git fetch --prune --unshallow --tags
 
@@ -29,7 +32,12 @@ jobs:
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: '18'
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Update npm for trusted publishing
+        run: npm install -g npm@latest
+
 
       - name: Install
         run: yarn install --frozen-lockfile
@@ -45,12 +53,6 @@ jobs:
           git config --global user.name amplitude-sdk-bot
           git config --global user.email amplitude-sdk-bot@users.noreply.github.com
 
-      - name: Setup NPM Token
-        if: ${{ github.event.inputs.dryRun == 'false'}}
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} > .npmrc
-
       - name: Release (Dry Run)
         if: ${{ github.event.inputs.dryRun == 'true'}}
         env:
diff --git a/package.json b/package.json
index 752a858..8c6684e 100644
--- a/package.json
+++ b/package.json
@@ -107,7 +107,8 @@
       "tagName": "v${version}"
     },
     "npm": {
-      "publish": true
+      "publish": true,
+      "publishArgs": ["--provenance"]
     },
     "github": {
       "release": true