google / go-github

Go library for accessing the GitHub v3 API

Home Page: https://pkg.go.dev/github.com/google/go-github/v62/github

Various Codespace Secrets endpoints failing when using a Personal Access Token or GitHub App

robmonte opened this issue

To preface this, I'm not sure if I'm simply doing something incorrectly, if there's an issue in the library, or if there's an issue in GitHub's API. I figure this is the best spot to start with.

I am getting several different kinds of errors when trying to use the Codespace Secrets feature via GitHub App. For example, when trying to access User secrets via the app, I get the following error when trying to obtain the User Codespace secrets public key:
https://api.github.com/user/codespaces/secrets/public-key: 403 Resource not accessible by integration
The permissions explained here say that the App needs the codespaces_user_secrets user permission. You can see in this screenshot that the permission is indeed set:

I also noticed updating permissions in the Account section of a GitHub App does not trigger the typical "app is requesting an update to its permissions." prompt that appears when Repository or Organization permissions are changed, so I'm leaning towards this being a GitHub-side issue.

Next, I am unable to start or stop a Codespace in a repository, once again as a GitHub App. This time I am able to authenticate and fully access the repository Codespace secrets as the GitHub App, however. I get the following error when calling start:
https://api.github.com/user/codespaces/<random_gh_codespace_name>/start: 404 Not Found
The permissions explained here say that the App needs the codespaces_lifecycle_admin repository permission. You can see again in this screenshot that the permission is indeed set:

Lastly, the final issue with Codespace secrets. This time, it fails with Personal Access Tokens (plus it seems GitHub doesn't support Apps for these Org secrets at all). Like the first issue, when trying to obtain the public key of the Organization Codespace secrets it fails:
https://api.github.com/orgs/<org_name>/codespaces/secrets/public-key: 404 Not Found
The permissions explained here say that the Access Token needs the admin:org organization permission. You can see in the screenshot one final time that the permission is set:

I found it a bit strange this one supposedly doesn't require "organization codespace secrets" permissions to be set like the others all require, however adding that permission and in fact all permissions to the PAT still gives the same public key error.

My hunch is this is all likely on GitHub's side but as mentioned I figured I'd start here first, and I can point to this post as a later reference if I need to open up an issue with GitHub directly.

Hmmm... thanks for the detailed writeup of the issues you are seeing.
I personally have not used Codespace secrets, and unfortunately don't know what the problem is.
From your description, it sounds like you are using things properly.

I'll leave this issue open in the hopes that someone else has tried the Codespace APIs.

Maybe @artificial-aidan who wrote the initial implementation in #2803 has some ideas.

I didn't end up using the implementation in my company's product, so other than initial testing I don't have much info.

What I would do is replicate the same process with bare http calls and see if you get the same process. I think there is a logging setting in the Go library to print all http calls.

Thanks, @artificial-aidan!

Along the same lines, this package is frequently helpful to debug the curl versions of API calls:
https://github.com/gmlewis/go-httpdebug

Thanks for the suggestions. I am seeing the same errors when using the curl commands directly, such as using a PAT for the organization codespace public key:
{"message":"Not Found","documentation_url":"https://docs.github.com/rest/codespaces/organization-secrets#get-an-organization-public-key"}

Providing an incorrect PAT changes the error message to "Bad credentials", so it seems to at least be recognizing that there is a valid token being provided and authorizing my request.

I'll see what options I have available regarding bringing this up with GitHub directly.
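
Added example, not part of the issue thread and not go-github code: one way to run the "bare HTTP calls" check suggested above in Go, recording the status and message together with the `X-OAuth-Scopes`, `X-Accepted-OAuth-Scopes` and `X-Accepted-GitHub-Permissions` response headers, which GitHub uses to describe what a token carries and what an endpoint accepts. The `Probe` type, the `probe` function and the `GITHUB_TOKEN` / `GITHUB_ORG` environment variable names are assumptions made for this sketch, and any of the three headers can be absent from a given response.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
)

// Probe (hypothetical type) records what the API said about one request,
// plus the headers that describe token scopes and accepted permissions.
type Probe struct {
	Status              int
	Message             string
	TokenScopes         string // X-OAuth-Scopes: scopes a classic PAT carries
	AcceptedScopes      string // X-Accepted-OAuth-Scopes: scopes the endpoint accepts
	AcceptedPermissions string // X-Accepted-GitHub-Permissions: apps / fine-grained tokens
}

// probe sends one authenticated GET with no client library in between.
// The token is only placed in the Authorization header and never printed.
func probe(c *http.Client, baseURL, path, token string) (Probe, error) {
	req, err := http.NewRequest(http.MethodGet, baseURL+path, nil)
	if err != nil {
		return Probe{}, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	req.Header.Set("Accept", "application/vnd.github+json")
	resp, err := c.Do(req)
	if err != nil {
		return Probe{}, err
	}
	defer resp.Body.Close()
	var body struct{ Message string `json:"message"` }
	_ = json.NewDecoder(resp.Body).Decode(&body) // body may be empty or not an error object
	h := resp.Header // values below are in Probe's field order
	return Probe{resp.StatusCode, body.Message, h.Get("X-OAuth-Scopes"),
		h.Get("X-Accepted-OAuth-Scopes"), h.Get("X-Accepted-GitHub-Permissions")}, nil
}

func main() {
	token, org := os.Getenv("GITHUB_TOKEN"), os.Getenv("GITHUB_ORG") // assumed variable names
	for _, path := range []string{
		"/user/codespaces/secrets/public-key",
		"/orgs/" + org + "/codespaces/secrets/public-key",
	} {
		p, err := probe(http.DefaultClient, "https://api.github.com", path, token)
		fmt.Printf("%s\n  %+v err=%v\n", path, p, err)
	}
}
```

Comparing `TokenScopes` with `AcceptedScopes` (or reading `AcceptedPermissions` for a GitHub App or fine-grained token) shows whether a 403 or 404 lines up with a permission the token lacks.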