diff --git a/.github/workflows/nuget-package-publish.yml b/.github/workflows/nuget-package-publish.yml
index 23b1840..9dc4384 100644
--- a/.github/workflows/nuget-package-publish.yml
+++ b/.github/workflows/nuget-package-publish.yml
@@ -1,13 +1,13 @@
 name: Publish to nuget
 on:
   push:
-    branches: [ main ]
+    branches: [main]
     paths:
       - "src/**"
       - ".github/workflows/nuget-package-publish.yml"
-  
+
   pull_request:
-    branches: [ main ]
+    branches: [main]
     paths:
       - "src/**"
       - ".github/workflows/nuget-package-publish.yml"
@@ -15,12 +15,14 @@ on:
   workflow_dispatch:
 
 env:
-  API_KEY: ${{ secrets.NUGET_PACKAGES_GITHUB_API_KEY }}
   CSPROJ_PATH: src/BccCode.Linq/BccCode.Linq.csproj
 
 jobs:
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
       - uses: actions/checkout@v2
@@ -41,13 +43,21 @@ jobs:
           else
              echo "VERSION=${{ env.NUGET_PACKAGE_VERSION_BASE }}.${{ github.run_number}}-beta" >> "$GITHUB_ENV"
           fi
-          
+
       - name: Run Tests
         run: dotnet test
 
       - name: Package
         run: dotnet pack -p:PackageVersion=${{ env.VERSION }} -c Release -o . ${{ env.CSPROJ_PATH }}
 
+      - uses: NuGet/login@v1
+        id: login
+        with:
+          user: ${{vars.NUGET_USER}}
+
       - name: Publish
-        if: env.API_KEY != ''
-        run: dotnet nuget push *.nupkg -k "${{ env.API_KEY }}" -s https://api.nuget.org/v3/index.json --skip-duplicate
+        run: |
+          dotnet nuget push *.nupkg \
+          --api-key ${{ steps.login.outputs.NUGET_API_KEY }} \
+          --source https://api.nuget.org/v3/index.json \
+          --skip-duplicate