In Trusted Tokens, you must protect your PyPI package by configuring trusted publishers and exchanging short-lived identity tokens using OpenID Connect (OIDC) before publishing. Collect resources and manage your environment to increase the security of your release workflows and ensure that only a trusted subset of maintainers can manually approve each run.