diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index a7fbd25..f79139f 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -7,6 +7,10 @@ on:
     paths:
       - "**/Cargo.toml"
       - "**/Cargo.lock"
+
+permissions:
+  contents: read
+
 jobs:
   security_audit:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/general.yml b/.github/workflows/general.yml
index 2877f96..fe75826 100644
--- a/.github/workflows/general.yml
+++ b/.github/workflows/general.yml
@@ -6,6 +6,9 @@ on: [push, pull_request]
 env:
   CARGO_TERM_COLOR: always
 
+permissions:
+  contents: read
+
 jobs:
   fmt:
     name: Rustfmt
@@ -33,6 +36,9 @@ jobs:
   coverage:
     name: Tests
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     services:
       postgres:
         image: postgres:15