Create a repository secret in GitHub

Task: create a GitHub repository secret.

The instructions pertain to the creation of any repository secret.

By way of example, we create a repository secret ASSIGN_REVIEWERS that we will use when creating the GitHub action Auto Assign.

Create a Personal Access Token (PAT)

In order to create a repository secret, it's first necessary to create a PAT.

Tip: for an overview of how PATs and secrets are related, we recommend reading the summary written by Claude in the appendix before continuing.

How to create a PAT

  1. Navigate to Developer Settings > Personal Access Tokens > Tokens (classic)
  2. Click "Generate new token (classic)"
  3. Give it a descriptive name, e.g. "Auto Assign Reviewers"
  4. Set an expiry date. If you're not sure, err on the side of caution. You can always create another PAT.
  5. Select the workflow scope for the necessary permissions (this will automatically select repo, which is also required)
  6. Copy the token immediately. This is critical; you won't be able to access it later. If you don't copy the token now, you will have to create a new one.

How to create a repository secret

Once you have copied the PAT:

  1. Navigate to Settings > Secrets and variables > Actions
    Note: repository secrets are for a single repository only. You will find them in your repository settings under "Secrets and variables".
  2. Click "New repository secret"
  3. Name: e.g. ASSIGN_REVIEWERS
  4. Value: the PAT you just created

You can review and manage secrets at ~/settings/secrets/actions

You can now use the repo secret in a GitHub action to grant permissions.
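
One way to consume the ASSIGN_REVIEWERS secret from a workflow, given here as an added example that is not part of the original page and not the Auto Assign action's own configuration. It assumes a GitHub-hosted runner with the gh CLI available; the workflow file name and the reviewer login octocat are placeholders.

```yaml
# Added example: hypothetical file .github/workflows/assign-reviewers.yml
name: Assign reviewers

on:
  pull_request:
    types: [opened, ready_for_review]

# The built-in GITHUB_TOKEN is not used here, so give it no permissions.
permissions: {}

jobs:
  assign:
    runs-on: ubuntu-latest
    # Repository secrets are not passed to runs triggered from forks,
    # so skip those runs instead of failing with an empty token.
    if: github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - name: Request a reviewer
        env:
          # Expose the PAT only to the one step that needs it.
          GH_TOKEN: ${{ secrets.ASSIGN_REVIEWERS }}
          PR_URL: ${{ github.event.pull_request.html_url }}
          REVIEWER: octocat  # placeholder login (assumption)
        run: |
          # Fail with a clear message if the secret is missing or misnamed.
          if [ -z "$GH_TOKEN" ]; then
            echo "::error::Secret ASSIGN_REVIEWERS is empty or not defined"
            exit 1
          fi
          # gh reads the token from GH_TOKEN; it never appears on the command line.
          gh pr edit "$PR_URL" --add-reviewer "$REVIEWER"
```

When the PAT expires, this step fails with an authentication error; create a new PAT and update the secret's value under the same name.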

Appendix

This appendix was written by the LLM Claude in response to a request to summarise how repository secrets and PATs are used in GitHub.

Personal Access Tokens (PATs):

  • Act as your personal credentials/password for GitHub
  • Allow you to authenticate when using GitHub's API or command line
  • Can be configured with specific permissions (like repo access, workflow management, etc.)
  • Are tied to your personal GitHub account
  • You control their lifespan and can revoke them at any time

Repository Secrets:

  • Are encrypted environment variables stored at the repository level
  • Allow you to securely store sensitive data (like PATs, API keys, passwords)
  • Are only accessible within GitHub Actions workflows
  • Cannot be viewed once created, only updated or deleted
  • Are automatically masked in logs if accidentally printed

How PATs and repository secrets work together:

  • You create a PAT with specific permissions
  • You store that PAT as a repository secret
  • Your GitHub Actions workflow references the secret using ${{ secrets.SECRET_NAME }}
  • GitHub securely injects the PAT value during workflow execution
  • The action can then use this token to authenticate and perform operations on your behalf