diff --git a/.github/workflows/build-test-publish-on-push-cached.yaml b/.github/workflows/build-test-publish-on-push-cached.yaml
index 1a3e03c3..25b709ca 100644
--- a/.github/workflows/build-test-publish-on-push-cached.yaml
+++ b/.github/workflows/build-test-publish-on-push-cached.yaml
@@ -114,6 +114,7 @@ jobs:
     # needs permissions to write tags to the repository
     permissions:
       contents: write
+      id-token: write
     needs:
       - build
       - test
@@ -125,6 +126,7 @@ jobs:
       GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN }}
       GH_USER: github-actions
       GH_EMAIL: github-actions@github.com
+      NPM_CONFIG_PROVENANCE: true
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 14f31f8a..9e566f97 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -133,6 +133,7 @@ jobs:
     # needs permissions to write tags to the repository
     permissions:
       contents: write
+      id-token: write
     needs:
       - build
       - test
@@ -144,6 +145,7 @@ jobs:
       GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN }}
       GH_USER: github-actions
       GH_EMAIL: github-actions@github.com
+      NPM_CONFIG_PROVENANCE: true
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4