What happened
When adding a repository secret in GitHub Actions with a name that starts with GITHUB_ (for example GITHUB_PAT), the UI appears to accept submission but the secret does not appear afterward.
Why this is a problem
This is confusing and looks like a save failure. Users can spend time debugging workflow auth issues before realizing the secret name itself is restricted.
Reproduction steps
- Go to Repository Settings → Secrets and variables → Actions.
- Click New repository secret.
- Enter secret name
GITHUB_PAT and any value.
- Click Add secret.
- Observe the secret does not appear in the list.
Expected behavior
Show an explicit validation error before save, for example:
Secret names cannot start with reserved prefix GITHUB_.
Actual behavior
No clear inline or post-submit error indicating the reserved-prefix restriction.
Suggested fix
- Add client-side and server-side validation for reserved secret prefixes.
- Display a clear error message with allowed naming guidance.
- Optionally link to docs on reserved secret/environment variable names.
Context
This surfaced while setting up a workflow where we intentionally map a custom PAT secret into GITHUB_TOKEN at runtime, and GITHUB_PAT seemed like the natural secret name.
What happened
When adding a repository secret in GitHub Actions with a name that starts with
GITHUB_(for exampleGITHUB_PAT), the UI appears to accept submission but the secret does not appear afterward.Why this is a problem
This is confusing and looks like a save failure. Users can spend time debugging workflow auth issues before realizing the secret name itself is restricted.
Reproduction steps
GITHUB_PATand any value.Expected behavior
Show an explicit validation error before save, for example:
Actual behavior
No clear inline or post-submit error indicating the reserved-prefix restriction.
Suggested fix
Context
This surfaced while setting up a workflow where we intentionally map a custom PAT secret into
GITHUB_TOKENat runtime, andGITHUB_PATseemed like the natural secret name.