diff --git a/.github/workflows/alert-deploy.yml b/.github/workflows/alert-deploy.yml
index c7f52fea..eac0af1d 100644
--- a/.github/workflows/alert-deploy.yml
+++ b/.github/workflows/alert-deploy.yml
@@ -23,13 +23,14 @@ jobs:
     name: Apply alerts to prod
     if: (github.event_name == 'push' && github.ref_name == 'main') || inputs.environment == 'prod'
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: deploy to prod
-        uses: nais/deploy/actions/deploy@v1
+        uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: prod-gcp
           RESOURCE: .nais/alerts.yml
 
@@ -37,12 +38,13 @@ jobs:
     name: Apply alerts to dev
     if: inputs.environment == 'preprod'
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: deploy to dev
-        uses: nais/deploy/actions/deploy@v1
+        uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           CLUSTER: dev-gcp
           RESOURCE: .nais/alerts-preprod.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4361b356..a7059afb 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -28,11 +28,12 @@ jobs:
     name: Deploy to prod
     needs: [build-and-test, build-and-push]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           DRY_RUN: false
           PRINT_PAYLOAD: true
           CLUSTER: prod-gcp
diff --git a/.github/workflows/preprod-alt.yml b/.github/workflows/preprod-alt.yml
index e0116fe0..ce8393f8 100644
--- a/.github/workflows/preprod-alt.yml
+++ b/.github/workflows/preprod-alt.yml
@@ -21,11 +21,12 @@ jobs:
     name: Deploy to preprod-alt
     needs: [build-and-test, build-and-push]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           DRY_RUN: false
           PRINT_PAYLOAD: true
           CLUSTER: dev-gcp
diff --git a/.github/workflows/preprod.yml b/.github/workflows/preprod.yml
index fda8ab90..81c78d54 100644
--- a/.github/workflows/preprod.yml
+++ b/.github/workflows/preprod.yml
@@ -28,11 +28,12 @@ jobs:
     name: Deploy to preprod
     needs: [build-and-test, build-and-push]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
-      - uses: nais/deploy/actions/deploy@v1
+      - uses: nais/deploy/actions/deploy@v2
         env:
-          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
           DRY_RUN: false
           PRINT_PAYLOAD: true
           CLUSTER: dev-gcp