diff --git a/templates/github/.github/workflows/publish.yml.j2 b/templates/github/.github/workflows/publish.yml.j2
index ae6a448a..d8cc125d 100644
--- a/templates/github/.github/workflows/publish.yml.j2
+++ b/templates/github/.github/workflows/publish.yml.j2
@@ -30,27 +30,21 @@ jobs:
     runs-on: "ubuntu-latest"
     needs:
       - "build"
-
-    env:
-      GITHUB_TOKEN: "{{ '${{ secrets.GITHUB_TOKEN }}' }}"
+    environment:
+      name: "pypi"
+      url: "https://pypi.org/p/{{ plugin_name | dash }}"
+    permissions:
+      id-token: "write"
 
     steps:
-      {{ checkout(depth=1, path=plugin_name) | indent(6) }}
-
       - uses: "actions/download-artifact@v4"
         with:
           name: "plugin_package"
-          path: "{{ plugin_name }}/dist/"
-
-      {{ setup_python() | indent(6) }}
+          path: "dist/"
 
-      {{ install_python_deps(["twine"]) | indent(6) }}
+      - name: "Publish package to PyPI"
+        uses: pypa/gh-action-pypi-publish@release/v1
 
-      {{ set_secrets() | indent(6) }}
-
-      - name: "Deploy plugin to pypi"
-        run: |
-          .github/workflows/scripts/publish_plugin_pypi.sh {{ "${{ github.ref_name }}" }}
   {%- endif %}
 
   {%- if plugins %}
@@ -59,9 +53,10 @@ jobs:
     runs-on: "ubuntu-latest"
     needs:
       - "build"
-
-    env:
-      GITHUB_TOKEN: "{{ '${{ secrets.GITHUB_TOKEN }}' }}"
+    environment:
+      name: "pypi"
+    permissions:
+      id-token: "write"
 
     steps:
       {{ checkout(depth=1, path=plugin_name) | indent(6) }}
@@ -78,15 +73,10 @@ jobs:
           tar -xvf {{ plugin.app_label }}-python-client.tar
           {%- endfor %}
 
-      {{ setup_python() | indent(6) }}
-
-      {{ install_python_deps(["twine"]) | indent(6) }}
-
-      {{ set_secrets() | indent(6) }}
-
       - name: "Publish client to pypi"
-        run: |
-          bash .github/workflows/scripts/publish_client_pypi.sh {{ "${{ github.ref_name }}" }}
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: "{{ plugin_name }}/dist/"
   {%- endif %}
 
   {%- if deploy_client_to_rubygems %}
@@ -94,9 +84,10 @@ jobs:
     runs-on: "ubuntu-latest"
     needs:
       - "build"
-
-    env:
-      GITHUB_TOKEN: "{{ "${{ secrets.GITHUB_TOKEN }}" }}"
+    environment:
+      name: "rubygems"
+    permissions:
+      id-token: "write"
 
     steps:
       {{ checkout(depth=1, path=plugin_name) | indent(6) }}
@@ -115,11 +106,14 @@ jobs:
 
       {{ setup_ruby() | indent(6) }}
 
-      {{ set_secrets() | indent(6) }}
+      - name: "Set RubyGems Credentials"
+        uses: "rubygems/configure-rubygems-credentials@v1.0.0"
 
-      - name: "Publish client to rubygems"
+      - name: "Publish client to RubyGems"
         run: |
-          bash .github/workflows/scripts/publish_client_gem.sh {{ "${{ github.ref_name }}" }}
+          {%- for plugin in plugins %}
+          gem push "{{ plugin.name | snake }}_client-{{ "${{ github.ref_name }}" }}.gem"
+          {%- endfor %}
   {%- endif %}
   {%- endif %}