Custom Properties in OIDC Tokens
GitHub Actions OpenID Connect (OIDC) tokens now support repository custom properties as claims. This enhancement allows organization and enterprise admins to include custom properties in OIDC tokens, which are automatically prefixed with repo_property_ and available for all repositories with that property value set.
Key Benefits
The addition of custom properties to OIDC tokens provides several advantages for managing cloud access policies:
- Eliminate duplication: Governance metadata lives in one place and flows automatically into your cloud policies
- Reduce configuration drift: Policies bind directly to repository attributes, staying accurate as your organization evolves
- Accelerate onboarding: New repositories automatically inherit the right access policies based on their properties
- Create consistent cross-cloud policies: Use existing GitHub metadata as an actionable control surface for managed identities across AWS, Azure, GCP, and other cloud providers
Available Today
A new settings page is now available in public preview at the repository, organization, and enterprise level. You can:
- Add repository custom properties to OIDC tokens via API or the new settings UI
- Use custom properties in the subject claim for flexible policy targeting
- View and manage OIDC token claim configuration directly from settings
- Reference claims in your cloud provider's trust policies without static allow lists or per-repository workflow changes
This eliminates the need to manually configure individual workflows and enables attribute-based access control (ABAC) policies across your infrastructure.
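The attribute-based check described above, as an added example (not GitHub's code or any cloud provider's policy engine): a relying party authorizes a workflow by its `repo_property_` claims instead of a static repository allow list. The property names `environment` and `team`, the organization, the audience, and the string-valued properties are assumptions made for illustration; signature and expiry validation are assumed to have happened before this check.

```python
# Added example: ABAC check over OIDC claims whose signature and expiry were
# already verified. Property names and values are constructed.
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
PROPERTY_PREFIX = "repo_property_"  # prefix named on this page

POLICY = {  # hypothetical policy for one cloud role
    "audience": "https://cloud.example.invalid",
    "owner": "example-org",
    "required_properties": {"environment": {"production"}, "team": {"payments", "billing"}},
}

SAMPLE_CLAIMS = {  # constructed token payload
    "iss": GITHUB_ISSUER,
    "aud": "https://cloud.example.invalid",
    "repository_owner": "example-org",
    "repository": "example-org/payments-api",
    "repo_property_environment": "production",
    "repo_property_team": "payments",
}


def repo_properties(claims):
    """Return custom-property claims keyed by property name, prefix removed."""
    return {
        key[len(PROPERTY_PREFIX):]: value
        for key, value in claims.items()
        if key.startswith(PROPERTY_PREFIX)
    }


def is_authorized(claims, policy):
    """Return (allowed, reason) for one decoded token payload."""
    if claims.get("iss") != GITHUB_ISSUER:
        return False, "unexpected issuer"
    if claims.get("aud") != policy["audience"]:
        return False, "unexpected audience"
    # Pin the owner: a property name only carries meaning inside one organization.
    if claims.get("repository_owner") != policy["owner"]:
        return False, "unexpected repository owner"
    props = repo_properties(claims)
    for name, allowed in policy["required_properties"].items():
        value = props.get(name)
        # Fail closed: a missing or non-string value never satisfies a rule,
        # and only exact matches count (no prefix or substring matching).
        if not isinstance(value, str) or value not in allowed:
            return False, f"property {name!r} missing or not allowed"
    return True, "ok"
```

A new repository that carries the same property values passes this check with no policy change, while a repository missing either property is rejected.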
Next Steps
To get started, visit "Customizing the OIDC token" in the documentation to learn how to configure custom properties for your organization or enterprise.