github · docs-bot · Nov 14, 2025 · Nov 14, 2025
diff --git a/...on/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/...on/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md
@@ -197,6 +197,9 @@ Repository permissions work for both user and organization resource owners.
 |---|---|---|
 | `actions` | Actions | `read`, `write` |
 | `administration` | Administration | `read`, `write` |
+| {% ifversion artifact-metadata %} |
+| `artifact_metadata` | Artifact Metadata | `read`, `write` |
+| {% endif %} |
 | `attestations` | Attestations | `read`, `write` |
 | `security_events` | Code scanning alerts | `read`, `write` |
 | `codespaces` | Codespaces | `read`, `write` |

diff --git a/data/features/artifact-metadata.yml b/data/features/artifact-metadata.yml
@@ -0,0 +1,4 @@
+# Artifact Metadata GA
+versions:
+  fpt: '*'
+  ghec: '*'
diff --git a/data/reusables/actions/github-token-available-permissions.md b/data/reusables/actions/github-token-available-permissions.md
@@ -2,7 +2,8 @@ You can define the access that the `GITHUB_TOKEN` will permit by specifying `rea
 
 ```yaml
 permissions:
-  actions: read|write|none{% ifversion artifact-attestations %}
+  actions: read|write|none{% ifversion artifact-metadata %}
+  artifact-metadata: read|write|none{% endif %}{% ifversion artifact-attestations %}
   attestations: read|write|none{% endif %}
   checks: read|write|none
   contents: read|write|none

diff --git a/data/reusables/actions/github-token-scope-descriptions.md b/data/reusables/actions/github-token-scope-descriptions.md
@@ -5,6 +5,9 @@ Available permissions and details of what each allows an action to do:
 | Permission | Allows an action using `GITHUB_TOKEN` to |
 | --- | --- |
 |  `actions` | Work with GitHub Actions. For example, `actions: write` permits an action to cancel a workflow run. For more information, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). |
+| {% ifversion artifact-metadata %} |
+|  `artifact-metadata` | Work with artifact metadata. For example, `artifact-metadata: write` permits an action to create storage records on behalf of a build artifact. For more information, see [AUTOTITLE](/rest/orgs/artifact-metadata?apiVersion=2022-11-28). |
+| {% endif %} |
 | {% ifversion artifact-attestations %} |
 |  `attestations` | Work with artifact attestations. For example, `attestations: write` permits an action to generate an artifact attestation for a build. For more information, see [AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) |
 | {% endif %} |