diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
index 7908911ce..f36f0f3ca 100644
--- a/.github/workflows/pypi.yaml
+++ b/.github/workflows/pypi.yaml
@@ -5,9 +5,13 @@ on:

 jobs:
 publish:
- name: Publish to PyPi
+ name: Publish to PyPI
 runs-on: ubuntu-latest

+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
+
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -15,18 +19,19 @@ jobs:
 - name: Set up Python
 uses: actions/setup-python@v4
 with:
- python-version: 3
+ python-version: 3.11

 - name: Install Dependencies
 run: |
- pip install wheel
+ pip install build

 - name: Build rez
 run: |
- python setup.py sdist bdist_wheel
+ python -m build --sdist --wheel --outdir dist .

- - name: Upload to PyPi
+ # Note that we don't need credentials.
+ # We rely on https://docs.pypi.org/trusted-publishers/.
+ - name: Upload to PyPI
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- user: __token__
- password: '${{ secrets.PYPI_API_TOKEN }}'
+ packages-dir: dist
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 000000000..fed528d4a
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
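Review bot: The job-level `permissions:` block gives `id-token: write` to every step in `publish`, including the steps that install `build` and run the project's build backend, so the publishing identity is in scope while third-party build code executes. Splitting the workflow into a `build` job without that permission and a `publish` job that only downloads the built artifact and uploads it keeps the OIDC token away from build-time code. Setting `permissions:` also drops every scope that is not listed, so the job that checks out should state `contents: read` explicitly; whether checkout currently depends on it is not visible here. If the trusted publisher registered on PyPI names an environment, the `publish` job also needs a matching `environment:` key. The `steps:` list continues past this hunk.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, set up Python, install build, build rez …
      - name: Store distributions
        uses: actions/upload-artifact@v4
        with:
          name: dist  # constructed artifact name
          path: dist

  publish:
    name: Publish to PyPI
    needs: build
    runs-on: ubuntu-latest
    permissions:
      # Only the upload job may request the OIDC token.
      id-token: write
    steps:
      - name: Fetch distributions
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist
      # … unchanged: Upload to PyPI step …
```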
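Review bot: `pip install build` takes whatever version is current at release time, and the new `pyproject.toml` hunk does the same for the backend with `requires = ["setuptools"]`, so each published artifact depends on two unpinned downloads made inside the job that holds the publishing identity. Constraining both, for example `pip install build==<reviewed version>` and `requires = ["setuptools>=<minimum tested version>"]`, makes a release reproducible and lets a tooling change go through review. Separately, `python-version: 3.11` is an unquoted YAML float; writing `python-version: '3.11'` keeps it a string and avoids the truncation that hits a version such as 3.10. The step list edited here starts outside the hunk.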