What perm is needed for api access to secrets (terraform)

We have repos in an organisation. We use terraform to create and manage these repos. The user we use is currently an organisation admin so no problem. The user will soo lose org admin but retain repo admin. We have tested this and found that we cant create/update secrets now. Can anyone tell me what perms/scope the PAT token needs to be able to do this if its possible as a none org admin.