GitHub Agentic Workflows: No Personal Access Token Required
GitHub Agentic Workflows now supports authentication using GitHub Actions' built-in GITHUB_TOKEN, eliminating the previous requirement to create and store a personal access token. When using the Actions token in an organization-owned repository, AI credit consumption is billed to the organization rather than to individual users. The option is available across all Copilot plans, including Free, Pro, Pro+, Business, and Enterprise.
PAT Requirement Removed from GitHub Agentic Workflows
GitHub Agentic Workflows previously required developers to create and securely store a personal access token (PAT) to authenticate the workflow's GitHub operations. As of June 11, 2026, workflows can authenticate using GitHub Actions' built-in GITHUB_TOKEN, the same ephemeral token standard Actions workflows use.
Why this matters
Long-lived PATs must be rotated, stored as secrets, scoped carefully, and audited. At scale, that becomes a real maintenance burden. With GITHUB_TOKEN, authentication is handled by the Actions runtime, scoped to the exact repository and job, and expires after each run.
Billing for organization workflows
When a workflow runs in an organization-owned repository using the Actions token, AI credits are billed directly to the organization. This requires enabling the "Allow use of Copilot CLI billed to the organization" policy and adding copilot-requests: write to the workflow's Markdown frontmatter permissions. Organizations can control spend through cost centers and per-run caps.
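An added example, not code from the original page or from GitHub: a Python check that reads a workflow's Markdown frontmatter and reports whether its permissions block grants copilot-requests: write, which is useful when auditing workflows being moved off PATs. The sample workflows, the `---` frontmatter delimiters, the block-style YAML layout, and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample workflows (not from the page). Only the permissions key
# and the copilot-requests: write entry come from the text above.
SAMPLE_OK = """---
on:
  issues:
    types: [opened]
permissions:
  contents: read
  copilot-requests: write
---
# Triage new issues
"""

SAMPLE_MISSING = """---
on: push
permissions:
  contents: read
---
# Summarize push
"""

def frontmatter_lines(markdown):
    """Return the lines between the opening and closing '---' delimiters."""
    lines = markdown.splitlines()
    if not lines or lines[0].strip() != "---":
        return []
    for i, line in enumerate(lines[1:], start=1):
        if line.strip() == "---":
            return lines[1:i]
    return []  # unterminated frontmatter: treat as absent

def permissions(markdown):
    """Parse a block-style 'permissions:' mapping into a dict."""
    perms, inside = {}, False
    for line in frontmatter_lines(markdown):
        if re.match(r"^permissions:\s*$", line):
            inside = True
        elif inside and (m := re.match(r"^\s+([\w-]+):\s*([\w-]+)\s*$", line)):
            perms[m.group(1)] = m.group(2)
        elif inside and line.strip() and not line.startswith((" ", "\t")):
            inside = False  # the next top-level key ends the block
    return perms

def has_copilot_requests_write(markdown):
    """True when the frontmatter grants copilot-requests: write."""
    return permissions(markdown).get("copilot-requests") == "write"
```

The check covers only the frontmatter half of the requirement; the organization policy named above still has to be enabled separately.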
Plan availability
The GITHUB_TOKEN authentication option is available across all Copilot plan tiers: Free, Pro, Pro+, Business, and Enterprise.