diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index b4b8d0f..95a37e3 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "3.1.1"
+  ".": "3.2.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..3dfff07
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,15 @@
+# Changelog
+
+## [3.2.0](https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0) (2026-05-12)
+
+
+### Features
+
+* add support for enterprise-level GitHub Apps ([#263](https://github.com/actions/create-github-app-token/issues/263)) ([952a2a7](https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4))
+* support full repository names in `repositories` input ([#372](https://github.com/actions/create-github-app-token/issues/372)) ([85eb8dd](https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6))
+
+
+### Bug Fixes
+
+* **deps:** bump @actions/core from 3.0.0 to 3.0.1 in the production-dependencies group ([#364](https://github.com/actions/create-github-app-token/issues/364)) ([43e5c34](https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857))
+* validate private-key input ([#376](https://github.com/actions/create-github-app-token/issues/376)) ([f24bbd8](https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd))
diff --git a/dist/main.cjs b/dist/main.cjs
index dc71699..20b90dc 100644
--- a/dist/main.cjs
+++ b/dist/main.cjs
@@ -23241,24 +23241,52 @@ function resolveInstallationTarget(enterprise, owner, repositories, core) {
     );
     return { type: "owner", owner };
   }
-  const parsedOwner = owner || String(process.env.GITHUB_REPOSITORY_OWNER);
+  const target = normalizeRepositoryTarget(owner, repositories);
   if (!owner) {
     core.info(
-      `No 'owner' input provided. Using default owner '${parsedOwner}' to create token for the following repositories:${repositories.map((repo) => `
-- ${parsedOwner}/${repo}`).join("")}`
+      `No 'owner' input provided. Using default owner '${target.owner}' to create token for the following repositories:${target.repositories.map((repo) => `
+- ${target.owner}/${repo}`).join("")}`
     );
   } else {
     core.info(
-      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:${repositories.map((repo) => `
-- ${parsedOwner}/${repo}`).join("")}`
+      `Inputs 'owner' and 'repositories' are set. Creating token for the following repositories:${target.repositories.map((repo) => `
+- ${target.owner}/${repo}`).join("")}`
     );
   }
   return {
     type: "repository",
+    owner: target.owner,
+    repositories: target.repositories
+  };
+}
+function normalizeRepositoryTarget(owner, repositories) {
+  const parsedOwner = owner || String(process.env.GITHUB_REPOSITORY_OWNER);
+  const parsedRepositories = repositories.map(parseRepositoryInput);
+  const mismatchedRepository = parsedRepositories.find(
+    (repository) => repository.owner && repository.owner.toLowerCase() !== parsedOwner.toLowerCase()
+  );
+  if (mismatchedRepository) {
+    throw new Error(
+      `Repository '${mismatchedRepository.input}' includes owner '${mismatchedRepository.owner}', which does not match the resolved owner '${parsedOwner}'.`
+    );
+  }
+  return {
     owner: parsedOwner,
-    repositories
+    repositories: parsedRepositories.map((repository) => repository.name)
   };
 }
+function parseRepositoryInput(input) {
+  const parts = input.split("/");
+  if (parts.length === 1 && parts[0]) {
+    return { input, owner: "", name: parts[0] };
+  }
+  if (parts.length === 2 && parts[0] && parts[1]) {
+    return { input, owner: parts[0], name: parts[1] };
+  }
+  throw new Error(
+    `Invalid repository '${input}'. Expected 'repository' or 'owner/repository'.`
+  );
+}
 function getTokenRetryDescription(target) {
   switch (target.type) {
     case "enterprise":
@@ -23397,6 +23425,9 @@ async function run() {
     throw new Error("The 'client-id' (or deprecated 'app-id') input must be set to a non-empty string. If using a secret or variable, ensure it is available in this workflow context.");
   }
   const privateKey = getInput("private-key");
+  if (!privateKey) {
+    throw new Error("The 'private-key' input must be set to a non-empty string. If using a secret or variable, ensure it is available in this workflow context.");
+  }
   const enterprise = getInput("enterprise");
   const owner = getInput("owner");
   const repositories = getInput("repositories").split(/[\n,]+/).map((s) => s.trim()).filter((x) => x !== "");
diff --git a/package-lock.json b/package-lock.json
index 0ae4bcb..6120d7e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "create-github-app-token",
-  "version": "3.1.1",
+  "version": "3.2.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "create-github-app-token",
-      "version": "3.1.1",
+      "version": "3.2.0",
       "license": "MIT",
       "dependencies": {
         "@actions/core": "^3.0.1",
diff --git a/package.json b/package.json
index 0fd488c..0584f70 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "name": "create-github-app-token",
   "private": true,
   "type": "module",
-  "version": "3.1.1",
+  "version": "3.2.0",
   "description": "GitHub Action for creating a GitHub App Installation Access Token",
   "engines": {
     "node": ">=24.4.0"