diff --git a/.github/workflows/release-comms.yml b/.github/workflows/release-comms.yml
index e5532ca12ca..4a5bedfe2e1 100644
--- a/.github/workflows/release-comms.yml
+++ b/.github/workflows/release-comms.yml
@@ -21,8 +21,13 @@ on:
     - 'main'
     - 'release-*.*.*'
 
+permissions: {}
+
 jobs:
   setup:
+    permissions:
+      contents: read
+      id-token: write
     if: ${{ github.event_name == 'workflow_dispatch' || (github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/')) }}
     name: Setup and establish latest
     outputs:
@@ -56,9 +61,6 @@ jobs:
     name: Create next release branch (Grafana)
     needs: setup
     uses: ./.github/workflows/create-next-release-branch.yml
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
     with:
       ownerRepo: 'grafana/grafana'
       source: ${{ needs.setup.outputs.release_branch }}
@@ -66,9 +68,6 @@ jobs:
     name: Create next release branch (Grafana Enterprise)
     needs: setup
     uses: ./.github/workflows/create-next-release-branch.yml
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
     with:
       ownerRepo: 'grafana/grafana-enterprise'
       source: ${{ needs.setup.outputs.release_branch }}
@@ -77,9 +76,6 @@ jobs:
       - setup
       - create_next_release_branch_grafana
     uses: ./.github/workflows/migrate-prs.yml
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
     with:
       ownerRepo: 'grafana/grafana'
       from: ${{ needs.setup.outputs.release_branch }}
@@ -89,9 +85,6 @@ jobs:
       - setup
       - create_next_release_branch_enterprise
     uses: ./.github/workflows/migrate-prs.yml
-    secrets:
-      GRAFANA_DELIVERY_BOT_APP_ID: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_ID }}
-      GRAFANA_DELIVERY_BOT_APP_PEM: ${{ secrets.GRAFANA_DELIVERY_BOT_APP_PEM }}
     with:
       ownerRepo: 'grafana/grafana-enterprise'
       from: ${{ needs.setup.outputs.release_branch }}
@@ -99,9 +92,6 @@ jobs:
   post_changelog_on_forum:
     needs: setup
     uses: ./.github/workflows/community-release.yml
-    secrets:
-      GRAFANA_MISC_STATS_API_KEY: ${{ secrets.GRAFANA_MISC_STATS_API_KEY }}
-      GRAFANABOT_FORUM_KEY: ${{ secrets.GRAFANABOT_FORUM_KEY }}
     with:
       version: ${{ needs.setup.outputs.version }}
       dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}