Default GITHUB_TOKEN does not have secrets management permissions

If I install the GitHub CLI as part of the base image for a Codespace, I can use gh on the command line without having to explicitly login due to Codespaces setting a default GITHUB_TOKEN. Which is nice. However, I can’t use the gh secret commands as that token does not have the necessary permissions.
This complicates some repo configuration automation that I would like to do (e.g. create the half-dozen or so repo-level secrets needed for CI/CD to work).

Is there a specific reason why the default GITHUB_TOKEN does not have permission to manage repo secrets? The process of “logging out” (by unsetting the environment variable and then gh auth login) in order to get a token with the right permissions is rather tedious.

2 Likes