diff --git a/.github/workflows/dotnet-linux-pub.yml b/.github/workflows/dotnet-linux-pub.yml
index 103fb6b..c8dd782 100644
--- a/.github/workflows/dotnet-linux-pub.yml
+++ b/.github/workflows/dotnet-linux-pub.yml
@@ -3,12 +3,13 @@ name: .NET Linux Publish Release
 on:
   release:
     types: [ "published" ]
-    
+
 jobs:
   build:
     runs-on: ubuntu-latest
     permissions:
       packages: write
+      id-token: write
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -23,9 +24,15 @@ jobs:
 
     - name: Test
       run: dotnet test --no-build --verbosity normal --configuration Release Pmad.Cartography.sln
+      
+    - name: NuGet login (OIDC → temp API key)
+      uses: NuGet/login@v1
+      id: login
+      with:
+        user: ${{ secrets.NUGET_USER }}
 
     - name: Publish Nuget to nuget.org
-      run: dotnet nuget push **/*.nupkg -k ${{ secrets.NUGET_PUSH_API_KEY }} -s https://api.nuget.org/v3/index.json --skip-duplicate
+      run: dotnet nuget push **/*.nupkg --api-key ${{ steps.login.outputs.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json --skip-duplicate
         
     - name: Publish NuGet package to GitHub
       run: |