diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1ca7a6f3825d..2b186f7ccf10 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -632,6 +632,10 @@ jobs:
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
 needs: [test, update-changelog, nightly-dev-test]
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write # required for trusted publishing
+ contents: write # required for GitHub release upload
+
 steps:
 - name: Set up Python
 uses: actions/setup-python@v5
@@ -653,14 +657,19 @@ jobs:
 TWINE_PASSWORD: ${{ secrets.PYANSYS_PYPI_PRIVATE_PAT }}
 TWINE_REPOSITORY_URL: https://pkgs.dev.azure.com/pyansys/_packaging/pyansys/pypi/upload
- - name: Upload to Public PyPi
- run: |
- pip install twine
- twine upload --skip-existing ./**/*.whl
- python -m twine upload --skip-existing ./**/*.tar.gz
- env:
- TWINE_USERNAME: __token__
- TWINE_PASSWORD: ${{ secrets.ANSYS_FLUENT_CORE_PYPI_TOKEN }}
+ - name: "Download the library artifacts from build-library step"
+ uses: actions/download-artifact@v4.3.0
+ with:
+ name: ${{ env.PACKAGE_NAME }}-artifacts
+ path: ${{ env.PACKAGE_NAME }}-artifacts
+
+ - name: "Upload artifacts to PyPI using trusted publisher"
+ uses: pypa/gh-action-pypi-publish@v1.12.4
+ with:
+ repository-url: "https://upload.pypi.org/legacy/"
+ print-hash: true
+ packages-dir: ${{ env.PACKAGE_NAME }}-artifacts
+ skip-existing: false
 - name: Release
 uses: softprops/action-gh-release@v2
diff --git a/doc/changelog.d/4332.dependencies.md b/doc/changelog.d/4332.dependencies.md
new file mode 100644
index 000000000000..90d26f7f21a0
--- /dev/null
+++ b/doc/changelog.d/4332.dependencies.md
@@ -0,0 +1 @@
+Update release CI to use trusted publishers.
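Review bot: The `id-token: write` grant in the added `permissions:` block is job-wide, so every step of this job can request an OIDC token, not only the PyPI publish step. The next hunk shows the same job also running a twine upload to a private index and `softprops/action-gh-release@v2`, a third-party action referenced by a mutable major tag. Consider moving the trusted-publishing step into its own job that declares only `id-token: write`, and leaving `contents: write` on the job that creates the GitHub release, so a compromised release action cannot obtain a token that PyPI would accept. PyPI matches a trusted publisher on the workflow file and optional environment rather than on the job, so the split should not need a change on the PyPI side, though that is worth confirming against the project's publisher settings. The job's header and its remaining steps are outside the hunk.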
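Review bot: Both added `uses:` lines reference a tag (`actions/download-artifact@v4.3.0`, `pypa/gh-action-pypi-publish@v1.12.4`), and a tag can be moved to different code after review. In a job that holds `id-token: write`, the publish action is the code that exchanges the OIDC token for a PyPI upload credential, so it should be pinned to a full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha> # v1.12.4` (placeholder; take the SHA from the action's release page), and the download step likewise. `secrets.ANSYS_FLUENT_CORE_PYPI_TOKEN` is no longer referenced after this change; the long-lived token remains a valid publishing credential until it is revoked on PyPI and deleted from the repository secrets, which this commit cannot show. The step list continues outside the hunk.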