diff --git a/.github/chainguard/self.read.members.sts.yaml b/.github/chainguard/self.read.members.sts.yaml
index fdd234faf3..e591e5d32a 100644
--- a/.github/chainguard/self.read.members.sts.yaml
+++ b/.github/chainguard/self.read.members.sts.yaml
@@ -3,8 +3,8 @@ issuer: https://token.actions.githubusercontent.com
 subject_pattern: "repo:DataDog/libdatadog.*"
 claim_pattern:
- ref: "refs/heads/(main|release|julio/.*|igor/.*)" # TODO: remove testing branch and uncomment ref_protected
- # ref_protected: "true" # TODO: uncomment once tested.
+ ref: "refs/heads/(main|release)"
+ ref_protected: "true"
 permissions:
 members: read
diff --git a/.github/chainguard/self.write.pr.sts.yaml b/.github/chainguard/self.write.pr.sts.yaml
index bfab148fe7..62711f4aa7 100644
--- a/.github/chainguard/self.write.pr.sts.yaml
+++ b/.github/chainguard/self.write.pr.sts.yaml
@@ -3,10 +3,9 @@ issuer: https://token.actions.githubusercontent.com
 subject_pattern: "repo:DataDog/libdatadog.*"
 claim_pattern:
- ref: "refs/heads/(main|release|igor/.*|julio/.*)"
- # TODO: commented to debug changelog generation.
- # ref_protected: "true"
- # job_workflow_ref: DataDog/libdatadog/\.github/workflows/release-proposal-dispatch\.yml@.+
+ ref: "refs/heads/(main|release)"
+ ref_protected: "true"
+ job_workflow_ref: DataDog/libdatadog/\.github/workflows/release-proposal-dispatch\.yml@.+
 permissions:
 contents: write
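Review bot: The context line `subject_pattern: "repo:DataDog/libdatadog.*"` still ends in an open `.*` with no delimiter after the repository name, so it would presumably also match a subject from any other repository in the org whose name merely starts with `libdatadog`. Now that `ref` and `ref_protected` are enforced, this is the loosest remaining part of the trust policy; adding the separator, `subject_pattern: "repo:DataDog/libdatadog:.*"`, limits it to this repository without restricting the event type. The same unchanged line appears in `self.write.pr.sts.yaml`, where it matters more because that policy grants `contents: write`. This read policy also has no `job_workflow_ref` constraint, so a one-line comment stating that any workflow on the protected branches may request `members: read` would record that this is intended.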
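Review bot: The restored `job_workflow_ref` pattern ends in `@.+`, which accepts the workflow file at any ref, so the pin says which file ran but not that its definition came from a protected branch. If the dispatch workflow is only meant to run from the branches named in `ref`, tighten the tail and quote the scalar like its neighbours: `job_workflow_ref: 'DataDog/libdatadog/\.github/workflows/release-proposal-dispatch\.yml@refs/heads/(main|release)'`. Single quotes keep the `\.` escapes literal, whereas double quotes would require doubling the backslashes. The `permissions` mapping may continue past the end of this hunk, so the full scope of the token is not visible here.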