diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml index 4d5fda17f2..1bd7a5f656 100644 --- a/.github/workflows/pypi.yml +++ b/.github/workflows/pypi.yml @@ -21,15 +21,25 @@ jobs: make_sdist: name: Make SDist runs-on: ubuntu-latest + permissions: + # write id-token and attestations are required to attest build provenance + id-token: write + attestations: write steps: - uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true + persist-credentials: false - name: Build SDist run: pipx run build --sdist + - name: Attest GitHub build provenance + uses: actions/attest-build-provenance@v1 + with: + subject-path: dist/*.tar.gz + - uses: actions/upload-artifact@v4 with: name: sdist @@ -45,11 +55,16 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - uses: hynek/build-and-inspect-python-package@v2 build_wheels: name: Build wheels for ${{ matrix.platform }} runs-on: ${{ matrix.platform }} + permissions: + # write id-token and attestations are required to attest build provenance + id-token: write + attestations: write strategy: matrix: platform: @@ -60,10 +75,16 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Build wheels uses: pypa/cibuildwheel@v2.22.0 + - name: Attest GitHub build provenance + uses: actions/attest-build-provenance@v1 + with: + subject-path: ./wheelhouse/*.whl + - uses: actions/upload-artifact@v4 with: name: wheels-${{ matrix.platform }} @@ -72,10 +93,15 @@ jobs: build_universal_wheel: name: Build universal wheel for Pyodide runs-on: ubuntu-latest + permissions: + # write id-token and attestations are required to attest build provenance + id-token: write + attestations: write steps: - uses: actions/checkout@v4 with: fetch-depth: 0 + persist-credentials: false - name: Set up Python uses: actions/setup-python@v5 
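Review bot: The job-level `permissions` block added to `make_sdist` lists only `id-token: write` and `attestations: write`, and a job-level block resets every unlisted scope to `none`, so the job's `GITHUB_TOKEN` no longer carries `contents: read`; `actions/checkout@v4` then depends on the repository being public, and the attest action's documented permission set also includes `contents: read`. Add it explicitly to the block, `      contents: read`, so the jobs do not rely on repository visibility. The same applies to the identical blocks in the `build_wheels` and `build_universal_wheel` hunks. Separately, `actions/attest-build-provenance@v1` is referenced by a mutable major tag here and in the other attest steps; since these jobs now obtain an OIDC `id-token: write`, pinning third-party actions to a full-length commit SHA (with the tag kept in a trailing comment) limits what a retargeted tag could do with that token.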
@@ -89,6 +115,11 @@ jobs: run: | PYODIDE=1 python setup.py bdist_wheel --universal + - name: Attest GitHub build provenance + uses: actions/attest-build-provenance@v1 + with: + subject-path: dist/*.whl + - uses: actions/upload-artifact@v4 with: name: universal_wheel @@ -125,9 +156,16 @@ jobs: upload_pypi: name: Upload to PyPI on release + # Use the `release` GitHub environment to protect the Trusted Publishing (OIDC) + # workflow by requiring signoff from a maintainer. + environment: release + permissions: + # write id-token is required for trusted publishing (OIDC) + id-token: write needs: [check_dist] runs-on: ubuntu-latest - if: github.event_name == 'release' && github.event.action == 'published' + # Don't publish from forks + if: github.repository_owner == 'pymc-devs' && github.event_name == 'release' && github.event.action == 'published' steps: - uses: actions/download-artifact@v4 with: @@ -146,6 +184,4 @@ jobs: path: dist - uses: pypa/gh-action-pypi-publish@v1.12.2 - with: - user: __token__ - password: ${{ secrets.pypi_password }} + # Implicitly attests that the packages were uploaded in the context of this workflow.
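Review bot: The comment above `environment: release` says the environment requires maintainer sign-off, but nothing in the workflow enforces that; required reviewers and deployment-branch/tag rules are settings on the `release` environment in the repository, and if they are not configured the OIDC publish runs unattended. Reword the comment to state the dependency, e.g. `# Protect Trusted Publishing (OIDC) with the release environment; required reviewers and deployment-branch rules must be configured on that environment in repo settings.` The trusted publisher registered on PyPI must also name `release` as the environment, otherwise the token exchange is rejected. The fork guard compares `github.repository_owner` rather than `github.repository`, so any repository under the `pymc-devs` owner that copied this workflow would also pass it; if that is not intended, `github.repository == 'pymc-devs/<repo>'` is the tighter check.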
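Review bot: Dropping `user`/`password` from the `pypa/gh-action-pypi-publish@v1.12.2` step stops reading `secrets.pypi_password`, but the API token behind that secret stays valid until it is revoked on PyPI and the secret is deleted from the repository; this change should be paired with both so the old credential cannot be used from another workflow or a leaked copy. The new comment `# Implicitly attests that the packages were uploaded in the context of this workflow.` is vague about the mechanism; if the intent is that the publish action generates its own PEP 740 attestations because its `attestations` input defaults to enabled in this version, say so, e.g. `# The publish action generates PEP 740 attestations itself (attestations input enabled by default); confirm against the action's README for this version.` The `download-artifact` step and the `with:` block this hunk trims begin outside the hunk.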