From 85cbb1c7b2b8cfd49d116be7e9d57ca407669d3b Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Wed, 10 May 2023 10:30:34 +0300 Subject: [PATCH] docs: Document PyPI Trusted Publishing Fixes #2386 Signed-off-by: Jussi Kukkonen --- docs/RELEASE.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/RELEASE.md b/docs/RELEASE.md index a0a88620..f2ff5b87 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md @@ -3,18 +3,18 @@ **Prerequisites (one-time setup)** - -1. Go to [PyPI management page](https://pypi.org/manage/account/#api-tokens) and create - an [API token](https://pypi.org/help/#apitoken) with its scope limited to the tuf project. +1. Enable "Trusted Publishing" in PyPI project settings + * Publisher: GitHub + * Owner: theupdateframework + * Project: python-tuf + * Workflow: cd.yml + * Environment: release 1. Go to [GitHub settings](https://github.com/theupdateframework/python-tuf/settings/environments), create an [environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#creating-an-environment) called `release` and configure [review protection](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers). -1. In the environment create a - [secret](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets) - called `PYPI_API_TOKEN` and paste the token created above. ## Release
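
Review bot: In the new step 1, `Project: python-tuf` is ambiguous: the removed text calls the PyPI project "tuf", while `python-tuf` is the GitHub repository name that appears in the settings URL of the following step. Labelling the entry `Repository: python-tuf` would keep a maintainer from entering the PyPI project name there. Step 1 also refers to `Environment: release` before the next step creates that environment, so either swap the two steps or state in step 1 that the value must match the environment name configured below. Because this replaces the token-based setup, the prerequisites should also tell maintainers to delete the `PYPI_API_TOKEN` environment secret and revoke any PyPI API token created under the old instructions, so that no long-lived upload credential remains usable after the switch.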