diff --git a/.github/actions/merge-main/action.yml b/.github/actions/merge-main/action.yml
index 5836c16b..9bacacf7 100644
--- a/.github/actions/merge-main/action.yml
+++ b/.github/actions/merge-main/action.yml
@@ -3,6 +3,8 @@ description: Merges main into feature branches (*-main)
 inputs:
   exempt-branches:
     description: Feature branches that are exempt from receiving merges from main (comma separated, no blank space)
+  ci-user-pat:
+    description: The CI user's personal access token to write to the repo
 
 runs:
   using: composite
@@ -11,6 +13,7 @@ runs:
       uses: actions/checkout@v4
       with:
         fetch-depth: 0
+        token: ${{ inputs.ci-user-pat }}
 
     - name: Set up Git
       shell: bash
diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml
index 1b354b2a..db1df3a1 100644
--- a/.github/workflows/merge-main.yml
+++ b/.github/workflows/merge-main.yml
@@ -11,4 +11,5 @@ jobs:
       - name: Merge main
         uses: awslabs/aws-kotlin-repo-tools/.github/actions/merge-main@main
         with:
+          ci-user-pat: ${{ secrets.CI_USER_PAT }}
           exempt-branches: # Add any if required
\ No newline at end of file