diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7f1f434..945e4a0 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -2,14 +2,18 @@ name: .NET Build and Publish
 
 on:
   push:
-    branches: ["master"] 
+    tags: ["*.*.*"]
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    environment:
+      name: 'nuget.org'
+    permissions:
+      id-token: write  # enable GitHub OIDC token issuance for this job
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           filter: tree:0
@@ -28,6 +32,12 @@ jobs:
               
       - name: 🔫 Build and Pack
         run: ./build.sh pack
-
+        
+      - name: NuGet login (OIDC → temp API key)
+        uses: NuGet/login@v1
+        id: login
+        with:
+          user: ${{ secrets.NUGET_USER }}
+          
       - name: Push to nuget.org
-        run: dotnet nuget push output/*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{secrets.CONNECTORS_NUGET_TOKEN }} --skip-duplicate
+        run: dotnet nuget push output/*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{steps.login.outputs.NUGET_API_KEY}}