diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index dcdceac9..551639d1 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -154,13 +154,16 @@ jobs:
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
     needs: [build-library, update-changelog]
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - uses: ansys/actions/release-pypi-public@v7
         name: "Release to public PyPI"
         with:
           library-name: ${{ env.LIBRARY_NAME }}
-          twine-username: "__token__"
-          twine-token: ${{ secrets.PYPI_TOKEN }}
+          use-trusted-publisher: true
 
       - uses: ansys/actions/release-github@v7
         name: "Release to GitHub"
diff --git a/doc/changelog.d/646.maintenance.md b/doc/changelog.d/646.maintenance.md
new file mode 100644
index 00000000..b4012345
--- /dev/null
+++ b/doc/changelog.d/646.maintenance.md
@@ -0,0 +1 @@
+Use PyPI Trusted Publisher approach for releases
\ No newline at end of file