diff --git a/.github/workflows/branch-develop.yml b/.github/workflows/branch-develop.yml
index 3c4c781..8d526fe 100644
--- a/.github/workflows/branch-develop.yml
+++ b/.github/workflows/branch-develop.yml
@@ -38,6 +38,8 @@ jobs:
   
   tag-release:
     needs: [ get-version,publish-to-nuget ]
+    permissions:
+      contents: write
     uses: ./.github/workflows/step-tag-release.yml
     secrets:
       github-token: ${{ secrets.CREATE_PR_TOKEN }}
diff --git a/.github/workflows/branch-master.yml b/.github/workflows/branch-master.yml
index 67640a7..d5abd13 100644
--- a/.github/workflows/branch-master.yml
+++ b/.github/workflows/branch-master.yml
@@ -31,6 +31,8 @@ jobs:
   
   tag-release:
     needs: [ get-version,publish-to-nuget ]
+    permissions:
+      contents: write
     uses: ./.github/workflows/step-tag-release.yml
     secrets:
       github-token: ${{ secrets.CREATE_PR_TOKEN }}
diff --git a/.github/workflows/step-tag-release.yml b/.github/workflows/step-tag-release.yml
index 656db89..af07983 100644
--- a/.github/workflows/step-tag-release.yml
+++ b/.github/workflows/step-tag-release.yml
@@ -18,6 +18,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
         with:
           token: ${{ secrets.github-token }}
+          persist-credentials: false
       - name: Create tag
         env:
           GH_TOKEN: ${{ secrets.github-token }}