diff --git a/.github/workflows/alerts.yaml b/.github/workflows/alerts.yaml
index df8022d1..2be8e4d2 100644
--- a/.github/workflows/alerts.yaml
+++ b/.github/workflows/alerts.yaml
@@ -11,18 +11,18 @@ jobs:
   apply-alerts:
     name: Apply alerts to cluster
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: deploy to dev
-        uses: nais/deploy/actions/deploy@v1
+        uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .nais/alerts-dev.yaml
       - name: deploy to prod
-        uses: nais/deploy/actions/deploy@v1
+        uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-gcp
           RESOURCE: .nais/alerts-prod.yaml
diff --git a/.github/workflows/kafka.yaml b/.github/workflows/kafka.yaml
index b3e57f16..7a4513f2 100644
--- a/.github/workflows/kafka.yaml
+++ b/.github/workflows/kafka.yaml
@@ -8,15 +8,17 @@ on:
       - '.github/workflows/kafka.yaml'
       - '.nais/kafka/**'
 
+permissions:
+  id-token: write
+
 jobs:
   deploy-kafka-dev:
     name: Deploy Kafka topic to NAIS dev-gcp
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .nais/kafka/personoppgavehendelse.yaml
           VARS: .nais/kafka/dev.json
@@ -27,9 +29,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-gcp
           RESOURCE: .nais/kafka/personoppgavehendelse.yaml
           VARS: .nais/kafka/prod.json