diff --git a/.github/workflows/bumpversion.yml b/.github/workflows/bumpversion.yml
index c8ee6dd..20a4869 100644
--- a/.github/workflows/bumpversion.yml
+++ b/.github/workflows/bumpversion.yml
@@ -11,15 +11,19 @@ jobs:
     runs-on: ubuntu-latest
     name: "Bump version and create changelog with commitizen"
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.ELEMENTS_HELPER_APP_ID }}
+          private-key: ${{ secrets.ELEMENTS_HELPER_PRIVATE_KEY }}
       - name: Check out
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: "${{ secrets.GITHUB_TOKEN }}"
       - id: cz
         name: Create bump and changelog
         uses: commitizen-tools/commitizen-action@master
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ steps.app-token.outputs.token }}
       - name: Print Version
         run: echo "Bumped to version ${{ steps.cz.outputs.version }}"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 5f6f7fb..423a07c 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -8,7 +8,17 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.ELEMENTS_HELPER_APP_ID }}
+          private-key: ${{ secrets.ELEMENTS_HELPER_PRIVATE_KEY }}
       - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          ref: ${{ github.head_ref }}
+          # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
+          persist-credentials: false
       - name: Setup Go
         uses: actions/setup-go@v5
         with: