diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index b28d0e5..bb4a1ef 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -1,9 +1,9 @@
-name: Publish package to npm
+name: Publish package to npm (manual)
 on:
   workflow_dispatch:
     inputs:
       branch:
-        description: 'Git branch to build and publish'
+        description: "Git branch to build and publish"
         required: true
         default: main
 jobs:
@@ -16,10 +16,10 @@ jobs:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.inputs.branch }}
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
-          registry-url: 'https://registry.npmjs.org'
+          node-version: "22.x"
+          registry-url: "https://registry.npmjs.org"
       - run: npm install -g npm
       - run: npm install
       - run: npm test
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 96d175e..9f325c3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,3 +20,24 @@ jobs:
           package-name: "@elastic/elasticsearch-serverless"
           bootstrap-sha: "e71b2ff05abf70702e9342378da571032e670c8c"
           token: ${{ secrets.TOKEN_RELEASE_PLEASE }}
+
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    needs: [release-please]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: main
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "22.x"
+          registry-url: "https://registry.npmjs.org"
+      - run: npm install -g npm
+      - run: npm install
+      - run: npm test
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}