diff --git a/.github/workflows/npm_and_docker_publish.yml b/.github/workflows/npm_and_docker_publish.yml
index 734cc7a..cf8ac28 100644
--- a/.github/workflows/npm_and_docker_publish.yml
+++ b/.github/workflows/npm_and_docker_publish.yml
@@ -3,6 +3,10 @@ on:
   release:
     types: [published]
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   build-publish:
     runs-on: ubuntu-latest
@@ -23,9 +27,7 @@ jobs:
         run: yarn build:all
 
       - name: Publish npm package
-        run: yarn publish:anchor-tests
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: yarn publish:anchor-tests --provenance
 
       - name: Docker Login
         uses: docker/login-action@v2.1.0