diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a4dd4800..f13b58d2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,6 +16,9 @@ jobs:
 name: Build and publish to PyPI
 if: startsWith(github.ref, 'refs/tags')
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
 steps:
 #-------- Info gathering and checks
@@ -144,7 +147,8 @@ jobs:
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
 packages-dir: dist
- password: ${{ secrets.PYPI_API_TOKEN }}
+ # Pypi has a trusted publisher defined, so we do not need a password:
+ # https://pypi.org/manage/project/zhmcclient/settings/publishing/
 #-------- Creation of Github release
 - name: Determine whether release on Github exists for the pushed tag
diff --git a/changes/1738.feature.rst b/changes/1738.feature.rst
new file mode 100644
index 00000000..24da6021
--- /dev/null
+++ b/changes/1738.feature.rst
@@ -0,0 +1,2 @@
+Dev: Started using the trusted publisher concept of Pypi in order to avoid
+dealing with Pypi access tokens.
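Review bot: The new `permissions:` block sits at job level, so `id-token: write` is granted to every step of this job rather than only to the PyPI upload step near line 147; the steps before it (info gathering and, presumably, the build) can therefore also request an OIDC token for this workflow identity. A tighter layout is a separate upload job that fetches the built `dist` as an artifact and carries only `id-token: write`, ideally tied to a protected `environment:` that is also named in the PyPI trusted-publisher entry. `contents: write` is presumably for the GitHub release steps later in the job, and a comment such as `# id-token: OIDC for PyPI trusted publishing; contents: create the GitHub release` would record why each scope is there. Declaring `permissions:` also drops every unlisted scope to none, so any step relying on another default scope should be checked. The job body continues outside the hunk.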
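Review bot: Removing the `password:` input under `with:` only stops this workflow from sending `PYPI_API_TOKEN`; the token stays valid until it is revoked on PyPI and the secret is deleted from the repository, and nothing visible in this commit shows that was done. With OIDC, the code behind the `uses: pypa/gh-action-pypi-publish@release/v1` context line is what exchanges the job identity for an upload credential, and `release/v1` is a moving branch; pinning it as `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1` fixes which code receives that privilege. The added comment links to a project settings page that presumably only maintainers can open, so a second line pointing to the public trusted-publisher documentation would help other contributors. The step starts above the hunk.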