diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 94abf5e45..531482173 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -141,9 +141,6 @@ jobs:
     with:
       image_repo: ghcr.io/agntcy
       release_tag: ${{ github.ref_name }}
-    secrets:
-      PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
-      NPMJS_TOKEN: ${{ secrets.NPMJS_TOKEN }}
 
   integration:
     name: Run integration tests
diff --git a/.github/workflows/reusable-release-sdk.yaml b/.github/workflows/reusable-release-sdk.yaml
index 25b5f88fd..35d56ef63 100644
--- a/.github/workflows/reusable-release-sdk.yaml
+++ b/.github/workflows/reusable-release-sdk.yaml
@@ -16,33 +16,15 @@ on:
         type: boolean
         description: "Make a python SDK release."
         default: false
-  workflow_call:
-    inputs:
-      javascript-release:
-        required: false
-        type: boolean
-        description: "Make a javascript SDK release."
-        default: false
-      python-release:
-        required: false
-        type: boolean
-        description: "Make a python SDK release."
-        default: false
-    secrets:
-      PYPI_API_TOKEN:
-        description: "PyPI API token for publishing Python SDK"
-        required: true
-      NPMJS_TOKEN:
-        description: "NPM.js token for publishing JavaScript SDK"
-        required: true
 
 permissions:
   contents: read
+  id-token: write  # Required for npm OIDC trusted publishing
 
 jobs:
   python:
     name: Python
-    if: ${{ inputs.python-release == true || inputs.python-release == 'true' }}
+    if: ${{ inputs.python-release }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -71,7 +53,7 @@ jobs:
 
   javascript:
     name: JavaScript
-    if: ${{ inputs.javascript-release == true || inputs.javascript-release == 'true' }}
+    if: ${{ inputs.javascript-release }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -101,7 +83,5 @@ jobs:
           task sdk:build:javascript
 
       - name: Publish the Javascript SDK
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPMJS_TOKEN }}
         run: |
           task sdk:release:javascript
diff --git a/.github/workflows/reusable-release.yaml b/.github/workflows/reusable-release.yaml
index eff5e4e2a..ffd69544c 100644
--- a/.github/workflows/reusable-release.yaml
+++ b/.github/workflows/reusable-release.yaml
@@ -14,13 +14,6 @@ on:
         required: true
         type: string
         description: "Release tag for all components."
-    secrets:
-      PYPI_API_TOKEN:
-        description: "PyPI API token for publishing Python SDK"
-        required: true
-      NPMJS_TOKEN:
-        description: "NPM.js token for publishing JavaScript SDK"
-        required: true
 
 jobs:
   image:
@@ -69,23 +62,12 @@ jobs:
           path: bin
           if-no-files-found: error
 
-  sdk:
-    name: SDK
-    uses: ./.github/workflows/reusable-release-sdk.yaml
-    with:
-      javascript-release: true
-      python-release: true
-    secrets:
-      PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
-      NPMJS_TOKEN: ${{ secrets.NPMJS_TOKEN }}
-
   release:
     name: Release
     needs:
       - image
       - chart
       - cli
-      - sdk
     runs-on: ubuntu-latest
     outputs:
       upload_url: ${{ steps.create_release.outputs.upload_url }}
diff --git a/RELEASE.md b/RELEASE.md
index 5b1b24fe2..6e5def0f4 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -31,7 +31,23 @@ git push origin v1.0.0
 
 Please note that the release tag is not necessarily associated with the "release: prepare version v1.0.0" commit. For example, if any bug fixes were required after this commit, they can be merged and included in the release.
 
-## 3. Publish release
+## 3. Publish SDK packages (Manual)
+
+SDK packages (JavaScript and Python) are **not** automatically published during the release workflow. Before publishing the GitHub release, you must manually trigger the SDK release workflow.
+
+1. Navigate to [Actions > Release SDK](https://github.com/agntcy/dir/actions/workflows/reusable-release-sdk.yaml)
+
+2. Click **Run workflow**
+
+3. In the **Use workflow from** dropdown, select the release tag (e.g., `v1.0.0`)
+
+4. Select the options:
+   - **Make a javascript SDK release**: Check to publish to npm
+   - **Make a python SDK release**: Check to publish to PyPI
+
+5. Click **Run workflow** to start the release
+
+## 4. Publish release
 
 * Wait until the release workflow is completed successfully.
 
diff --git a/Taskfile.yml b/Taskfile.yml
index a371cc8a0..b10118d65 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -417,13 +417,11 @@ tasks:
     desc: Release all client SDK package
     env:
       UV_PUBLISH_TOKEN: "{{ .UV_PUBLISH_TOKEN }}"
-      NODE_AUTH_TOKEN: "{{ .NODE_AUTH_TOKEN }}"
     cmds:
       - task: sdk:release:javascript
       - task: sdk:release:python
 
   sdk:release:python:
-    ignore_error: true # FIXME: Need to check if package version already exists
     desc: Release python client SDK package
     dir: ./sdk/dir-py
     env:
@@ -434,11 +432,8 @@ tasks:
       - "{{.UV_BIN}} publish"
 
   sdk:release:javascript:
-    ignore_error: true # FIXME: Need to check if package version already exists
     desc: Release javascript client SDK package
     dir: ./sdk/dir-js
-    env:
-      NODE_AUTH_TOKEN: "{{ .NODE_AUTH_TOKEN }}"
     cmd: |
       version=$(npm pkg get version) 
 
diff --git a/sdk/dir-js/.npmrc b/sdk/dir-js/.npmrc
index 3bd5c96a6..9378daca3 100644
--- a/sdk/dir-js/.npmrc
+++ b/sdk/dir-js/.npmrc
@@ -1,3 +1,2 @@
-//registry.npmjs.org/:_auth=$NODE_AUTH_TOKEN
 @agntcy:registry=https://registry.npmjs.org/
 @buf:registry=https://buf.build/gen/npm/v1/