Move npm token to vault

Author: academo

.github/workflows/publish-npm.yml

@@ -8,7 +8,17 @@ jobs:
   publish:
     name: Publish to NPM & GitHub Package Registry
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
     steps:
+      - id: get-secrets
+        uses: grafana/shared-workflows/actions/get-vault-secrets@28361cdb22223e5f1e34358c86c20908e7248760 # get-vault-secrets-v1.1.0
+        with:
+          repo_secrets: |
+            NPM_TOKEN=npm_token:npm_token
+
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
@@ -40,7 +50,7 @@ jobs:
         if: steps.version_check.outputs.changed == 'true'
         run: npm publish --access public
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ env.NPM_TOKEN }}
 
       - name: Setup .npmrc file for GitHub Packages
         if: steps.version_check.outputs.changed == 'true'