diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 431f21e69..d3c21aa91 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -43,12 +43,22 @@ jobs:
     - uses: actions/upload-artifact@v3
       with:
         name: built-packages
+        if-no-files-found: error
         path: |
           ./dist/*.whl
           ./dist/*.tar.gz
 
+  publish_release:
+    name: Publish to PyPi
+    runs-on: ubuntu-22.04
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    needs:
+      - build_wheels
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
+    steps:
+    - uses: actions/download-artifact@v3
+      with:
+        name: built-packages
     - name: Publish to Pypi
-      if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}