Skip to main content

What are personal connections?

Personal connections store your own credentials for external integrations. When you connect an account, Pwnbook uses your token to act on your behalf — comments appear from your user, issue transitions are attributed to you, and PR reviews show your name. This is separate from org-level integrations, which use a shared credential configured by an admin. Personal connections are optional but required to have write actions attributed to you rather than the org service account.

Configuring connections

Go to Profile → Connections. The page lists all integrations that support personal tokens. For each integration you want to connect:
  1. Click Connect to open the configuration panel.
  2. Enter your personal API token (and any additional fields like username or instance URL).
  3. Click Save — Pwnbook stores the token securely and never exposes it again.
To update a token, click Edit on a connected integration and enter a new value (leave the token field blank to keep the existing one).

Available connections

GitHub

Write actions: post review comments, submit PR reviews, approve or request changes.
FieldValue
TokenPersonal Access Token (ghp_…)
UsernameYour GitHub username
Required scopesrepo (classic PAT) or pull_requests: read/write, contents: read (fine-grained PAT)
Create tokens at github.com/settings/tokens.

GitLab

Write actions: inline MR comments, submit MR reviews.
FieldValue
TokenPersonal Access Token (glpat-…)
UsernameYour GitLab username
Instance URLYour GitLab instance (defaults to https://gitlab.com)
Required scopesapi, read_user
Create tokens at GitLab → Preferences → Access Tokens.

Linear

Write actions: transition issues, add comments, update assignees.
FieldValue
TokenPersonal API key (lin_api_…)
Required scopesNone — Linear personal keys have full access to your workspace
Create keys at Linear → Settings → API → Personal API keys.

Jira

Write actions: transition issues, add comments, link findings to tickets.
FieldValue
TokenAtlassian API token
EmailYour Atlassian account email
Instance URLhttps://yourcompany.atlassian.net
Required scopesRead/Write access to projects you want to manage
Create tokens at id.atlassian.com/manage-profile/security/api-tokens.

Bitbucket

Write actions: post inline comments, approve or decline PRs.
FieldValue
TokenApp Password
UsernameYour Bitbucket username
Required permissionsRepositories: Read; Pull requests: Read & Write
Create App Passwords at Bitbucket → Personal settings → App passwords.

Security

  • Tokens are encrypted at rest and never returned in API responses after saving.
  • Tokens are scoped to your user account — other team members cannot see or use them.
  • You can disconnect an integration at any time from the Connections tab; this deletes the stored token immediately.