diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7759f30e..e742f740 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -37,6 +37,7 @@ jobs:
     runs-on: ubuntu-latest
 
     permissions:
+      attestations: write
       id-token: write
 
     steps:
@@ -69,10 +70,6 @@ jobs:
         if: github.ref == 'refs/heads/develop'
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          # user and password should be removed
-          # because Github action is a trusted publiser
-          # user: __token__
-          # password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository-url: https://test.pypi.org/legacy/
           skip-existing: true
 
@@ -80,9 +77,6 @@ jobs:
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          # user and password should be removed (if it is ok on test.pypi)
-          # user: __token__
-          # password: ${{ secrets.PYPI_API_TOKEN }}
           skip-existing: true
 
   create_Docker_builds: