diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index a6e1ad876b..61f6042b86 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -736,13 +736,17 @@ jobs:
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
     needs: [package, build-windows-container, build-linux-container, update-changelog]
     runs-on: ubuntu-latest
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment: release
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - name: Release to the public PyPI repository
         uses: ansys/actions/release-pypi-public@v6
         with:
           library-name: ${{ env.PACKAGE_NAME }}
-          twine-username: "__token__"
-          twine-token: ${{ secrets.PYPI_TOKEN }}
+          use-trusted-publisher: true
 
       - name: Release to GitHub
         uses: ansys/actions/release-github@v6
diff --git a/doc/changelog.d/1216.changed.md b/doc/changelog.d/1216.changed.md
new file mode 100644
index 0000000000..9c86feb677
--- /dev/null
+++ b/doc/changelog.d/1216.changed.md
@@ -0,0 +1 @@
+ci: use Trusted Publisher for releasing package
\ No newline at end of file