diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 382c3b47..f2fd85ce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,7 +17,10 @@ on:
       - hotfix/**
       - main
   workflow_dispatch:
+permissions:
+  packages: read
 env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   HUSKY: 0
   REF: ${{ github.head_ref || github.ref_name }}
 concurrency:
@@ -37,7 +40,6 @@ jobs:
         name: Checkout ${{ env.REF }}
         uses: actions/checkout@v3.0.2
         with:
-          persist-credentials: false
           ref: ${{ env.REF }}
       - id: yarn
         name: Install dependencies
diff --git a/.github/workflows/integrity.yml b/.github/workflows/integrity.yml
index 263a9aac..568fa27f 100644
--- a/.github/workflows/integrity.yml
+++ b/.github/workflows/integrity.yml
@@ -28,6 +28,8 @@ concurrency:
   cancel-in-progress: true
 jobs:
   integrity:
+    permissions:
+      packages: read
     runs-on: ubuntu-latest
     steps:
       - id: checkout
@@ -39,3 +41,5 @@ jobs:
       - id: dedupe-check
         name: Check for duplicate dependencies in lockfile
         run: yarn dedupe --check
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e04c6798..2c441e5f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -69,6 +69,7 @@ jobs:
     needs: metadata
     permissions:
       contents: write
+      packages: read
     runs-on: ubuntu-latest
     environment:
       name: production
diff --git a/.yarnrc.yml b/.yarnrc.yml
index 18039698..8457586c 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -17,4 +17,14 @@ nmHoistingLimits: none
 
 nodeLinker: node-modules
 
+npmPublishAccess: public
+
+npmPublishRegistry: https://npm.pkg.github.com
+
+npmScopes:
+  flex-development:
+    npmAlwaysAuth: true
+    npmAuthToken: ${GITHUB_TOKEN}
+    npmRegistryServer: https://npm.pkg.github.com
+
 yarnPath: .yarn/releases/yarn-4.0.0-rc.14.cjs