diff --git a/.cruft.json b/.cruft.json
index fb2906b..64107b4 100644
--- a/.cruft.json
+++ b/.cruft.json
@@ -1,6 +1,6 @@
 {
   "template": "/home/runner/work/cookiecutter-scverse/cookiecutter-scverse",
-  "commit": "cd4676edc794359c10500cb4edfd98ce9fc2c2a3",
+  "commit": "e2f65bec773faa32ed290e9242adb09246974c1c",
   "checkout": null,
   "context": {
     "cookiecutter": {
@@ -36,7 +36,7 @@
         "trim_blocks": true
       },
       "_template": "/home/runner/work/cookiecutter-scverse/cookiecutter-scverse",
-      "_commit": "cd4676edc794359c10500cb4edfd98ce9fc2c2a3"
+      "_commit": "e2f65bec773faa32ed290e9242adb09246974c1c"
     }
   },
   "directory": null
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index b690b7c..6bf473b 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -46,6 +46,8 @@ jobs:
   # Run tests through hatch. Spawns a separate runner for each environment defined in the hatch matrix obtained above.
   test:
     needs: get-environments
+    permissions:
+       id-token: write  # for codecov OIDC
 
     strategy:
       fail-fast: false
@@ -82,6 +84,9 @@ jobs:
           uvx hatch run ${{ matrix.env.name }}:coverage xml # create report for upload
       - name: Upload coverage
         uses: codecov/codecov-action@v5
+        with:
+          fail_ci_if_error: true
+          use_oidc: true
 
   # Check that all tests defined above pass. This makes it easy to set a single "required" test in branch
   # protection instead of having to update it frequently. See https://github.com/re-actors/alls-green#why.
diff --git a/docs/template_usage.md b/docs/template_usage.md
index 1887bd5..992e7f2 100644
--- a/docs/template_usage.md
+++ b/docs/template_usage.md
@@ -86,52 +86,21 @@ line-length = 120
 
 ### Coverage tests with _Codecov_
 
-Coverage tells what fraction of the code is "covered" by unit tests, thereby encouraging contributors to [write tests](contributing.md#writing-tests).
+Coverage tells what fraction of the code is "covered" by unit tests,
+thereby encouraging contributors to [write tests](contributing.md#writing-tests).
 To enable coverage checks, head over to [codecov][] and sign in with your GitHub account.
-You'll find more information in "getting started" section of the [codecov docs][].
+You'll find more information in "quick start" section of the [codecov docs][].
 
-In the `Actions` tab of your projects' GitHub repository, you can see that the workflows are failing due to the **Upload coverage** step.
-The error message in the workflow should display something like:
-
-```
-...
-    Retrying 5/5 in 2s..
-    {'detail': ErrorDetail(string='Could not find a repository, try using repo upload token', code='not_found')}
-Error: 404 Client Error: Not Found for url:
-...
-```
-
-While [codecov docs][] has a very extensive documentation on how to get started,
-_if_ you are using the default settings of this template we can assume that you are using [codecov][] in a GitHub action workflow and hence you can make use of the [codecov bot][].
+Codecov uses [OpenID connect][] to authenticate, therefore, specifying a token should not be necessary.
 
+If you want codecov to comment on pull requests, you can make use of the [codecov bot][].
 To set it up, simply go to the [codecov app][] page and follow the instructions to activate it for your repository.
-Once the activation is completed, go back to the `Actions` tab and re-run the failing workflows.
-
-The workflows should now succeed, and you will be able to find the code coverage at this link:
-`https://app.codecov.io/gh/scverse/cookiecutter-scverse-instance`.
-You might have to wait a couple of minutes and the coverage of this repository should be ~60%.
-
-If your repository is private, you will have to specify an additional token in the repository secrets.
-In brief, you need to:
-
-1. Generate a Codecov Token by clicking _setup repo_ in the codecov dashboard.
-    - If you have already set up codecov in the repository by following the previous steps, you can directly go to the codecov repo webpage.
-2. Go to _Settings_ and copy **only** the token `_______-____-...`.
-3. Go to _Settings_ of your newly created repository on GitHub.
-4. Go to _Security > Secrets > Actions_.
-5. Create new repository secret with name `CODECOV_TOKEN` and paste the token generated by codecov.
-6. Paste these additional lines in `/.github/workflows.test.yaml` under the **Upload coverage** step:
-    ```bash
-    - name: Upload coverage
-      uses: codecov/codecov-action@v3
-      with:
-          token: ${{ secrets.CODECOV_TOKEN }}    ```
-7. Go back to GitHub `Actions` page an re-run previously failed jobs.
 
 [codecov]: https://about.codecov.io/sign-up/
 [codecov app]: https://github.com/apps/codecov
 [codecov bot]: https://docs.codecov.com/docs/team-bot
 [codecov docs]: https://docs.codecov.com/docs
+[OpenID connect]: https://docs.github.com/en/actions/concepts/security/openid-connect
 
 ### Documentation on _readthedocs_