diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 399031e45..dc35ec43d 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
@@ -2,6 +2,10 @@ name: Deploy DEV
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   build:
     name: Build, push and deploy to dev-gcp
diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index 5b1dff1d0..8a3e0317b 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -5,6 +5,10 @@ on:
     branches:
       - 'main'
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   build:
     name: Build, push and deploy to prod-gcp