Trusted Publishers: To the Moon

You are a PyPI package maintainer who has just discovered a revolutionary new method for secure publishing, Trusted Publishers. Your mission is to implement this new process and eliminate the need for long-lived passwords and API tokens. But beware of the hackers who want to steal your short-lived API tokens and sabotage your publishing process. Can you keep your packages secure and reach the moon?