diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 655bd96206..745272cd67 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,7 +8,8 @@ jobs:
 test-pypi:
 name: Test PyPi release
 runs-on: ubuntu-latest
-
+ permissions:
+ id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
 steps:
 - name: Set up python
 uses: actions/setup-python@v4
@@ -35,8 +36,6 @@ jobs:
 - name: Publish to test PyPI
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- user: __token__
- password: ${{ secrets.TEST_PYPI_API_TOKEN }}
 repository-url: https://test.pypi.org/legacy/
 - name: Sleep
@@ -74,19 +73,5 @@ jobs:
 - name: Build source and binary
 run: python -m build --sdist --wheel .
- - name: Retrieve secret from Vault
- uses: hashicorp/vault-action@v2.5.0
- with:
- method: jwt
- url: "https://quansight-vault-public-vault-b2379fa7.d415e30e.z1.hashicorp.cloud:8200"
- namespace: "admin/quansight"
- role: "repository-nebari-dev-nebari-role"
- secrets: |
- kv/data/repository/nebari-dev/nebari/shared_secrets PYPI_USERNAME | PYPI_USERNAME;
- kv/data/repository/nebari-dev/nebari/shared_secrets PYPI_PASSWORD | PYPI_PASSWORD;
-
 - name: Publish package
 uses: pypa/gh-action-pypi-publish@release/v1
- with:
- user: ${{ env.PYPI_USERNAME }}
- password: ${{ env.PYPI_PASSWORD }}
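Review bot: `id-token: write` is granted to the whole `test-pypi` job, so every step in it, including the setup and build steps that run before `Publish to test PyPI` (most of them outside this hunk), can request an OIDC token that PyPI will accept for an upload. Consider building in a separate job without this permission, handing the dist files over as an artifact, and keeping only the publish step in the job that holds it; binding that job to a GitHub `environment:` that the trusted-publisher entry on PyPI also names narrows it further. Because a `permissions:` block sets every unlisted scope to none, add `contents: read` if the job checks out the repository with the token. The later `Publish package` step also loses its credentials in this commit and its job header is not visible here, so confirm that job carries `id-token: write` as well.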