Workflows triggered by github-copilot-agent no longer have access to secrets (Secret source: None)

[talitahalboth]

Select Topic Area

Question

Copilot Feature Area

Copilot Workspace

Body

Hello,

I've noticed a recent and consistent change in behavior for our GitHub Actions workflows that are triggered by pull requests from the github-copilot-agent.

The Issue:
Previously, our workflows triggered by the Copilot agent would run successfully with Secret source: Actions.

As of recently, the exact same workflow file, triggered by the exact same github-copilot-agent actor, now fails. The "Set up job" log for the new run shows Secret source: None. This causes all our CI steps that rely on secrets to fail.

Evidence (Replicated in a Sandbox):

To ensure this wasn't a configuration change in our main repository, I replicated this in a clean sandbox repo and can confirm the same change in behavior:

• Old Run: https://github.com/talitahalboth/wip-tests/actions/runs/17793874537/job/50577000682

  Set up job logs shows: Secret source: Actions

• New Run : https://github.com/talitahalboth/wip-tests/actions/runs/18711615327/job/53361191849

  Set up job logs shows: Secret source: None
  (the new run also works since I'm not using secrets anywhere here.)

This strongly suggests a platform-level change in how GitHub now handles workflows initiated by the Copilot agent. It seems these PRs are now treated as "untrusted" by default, similar to a pull request from a third-party fork, which requires manual approval to access secrets.

My Questions:

• Can anyone else confirm they are seeing this behavior?

• Was this an intentional security change by GitHub, and if so, where was it announced?

• What is the new, recommended "best practice" for running workflows on Copilot-generated PRs that require secrets?

Thanks for any insights!

[theojulienne]

I observed this same behavior change, where secrets were previously granted based on Actions secrets but are no longer. It looks like this alternative does allow providing secrets to copilot agent now, though it is per repo rather than allowing the flexibility of Actions secrets like before: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-environment#setting-environment-variables-in-copilots-environment

[talitahalboth]

Ah right, thank you. As you said, being per repo makes it way less flexible, I'm not sure it'll work for me if I can't use the organization secrets anymore. Oh well. Hopefully there will be a fix soon

[cipher20000]

This behavior change is intentional — GitHub recently updated how secrets are handled for Copilot-triggered workflows for security reasons.

🔍 What changed

Previously, workflows triggered by the github-copilot-agent had access to Actions secrets automatically.
Now, Copilot-generated runs are treated as “untrusted” (similar to pull requests from forks), meaning organization and repository secrets are no longer exposed by default.
That’s why your logs show:

Secret source: None

instead of

Secret source: Actions

✅ Current workaround

You can still provide secrets to the Copilot agent, but it must now be done per repository, not via global org-level secrets.

Docs:
👉 Customize the Copilot agent environment (set environment variables/secrets)

In short:

Set repository-level secrets directly under Settings → Secrets and variables → Actions.

Copilot agents will have access only to those specific secrets.

Organization-level secrets won’t be inherited for Copilot-triggered workflows anymore.

⚠️ Why the change

GitHub tightened this access model to prevent accidental or malicious secret exposure from AI-generated or external triggers. The behavior aligns with how Actions handle workflows triggered by untrusted actors.

💡 Recommendation

If you rely on org secrets, you’ll need to replicate critical ones at the repository level until GitHub provides a broader policy toggle or update.

[talitahalboth]

hey, can you give me some sources where this change was announced? I can't find anything "official" from github 😞

[talitahalboth]

I found this!
https://docs.github.com/en/copilot/responsible-use/copilot-coding-agent#constraining-copilots-permissions
which mentions

Copilot coding agent does not have access to Actions organization or repository secrets or variables during runtime. Only secrets and variables specifically added to the copilot environment are passed to the agent.

[ViacheslavKudinov]

It is reasonable from security perspective, but how it could work in scale for Enterprise customers ?

We have org level secrets which are used on all the repositories and now as we all have to introduce copilot repo' environments and its secrets, how we should keep all these copilot secrets in sync with org level secrets ?

It probably the case that GitHub should think how to introduce some Copilot org level secrets which Enterprises may use to address this challenge in scale.

PS it can be other versions of org level secrets adopted for Coding agents, but it should be manageable for org admins

[OndrejSpanel]

It probably the case that GitHub should think how to introduce some Copilot org level secrets which Enterprises may use to address this challenge in scale.

Absolutely, For example it could be possible to "export" (or declare as accessible) selected organization secrets in environment, therefore I would have to declare which of the organization secrets I want to expose, but not setting their actual values. From a security and organization point, it is not good having to distribute an organization secret to all repository admins.

In my case, I need to give Copilot access to a PAT so that it can download private dependencies from packages. If the PAT should be expirable, am I really supposed to update all copilot enviromments in all repositories each time PAT expires?

[lipkau]

Maybe this can help:
https://github.blog/changelog/2025-10-28-copilot-coding-agent-now-supports-self-hosted-runners/