What are personal connections?
Personal connections store your own credentials for external integrations. When you connect an account, Pwnbook uses your token to act on your behalf — comments appear from your user, issue transitions are attributed to you, and PR reviews show your name. This is separate from org-level integrations, which use a shared credential configured by an admin. Personal connections are optional but required to have write actions attributed to you rather than the org service account.Configuring connections
Go to Profile → Connections. The page lists all integrations that support personal tokens. For each integration you want to connect:- Click Connect to open the configuration panel.
- Enter your personal API token (and any additional fields like username or instance URL).
- Click Save — Pwnbook stores the token securely and never exposes it again.
Available connections
GitHub
Write actions: post review comments, submit PR reviews, approve or request changes.| Field | Value |
|---|---|
| Token | Personal Access Token (ghp_…) |
| Username | Your GitHub username |
| Required scopes | repo (classic PAT) or pull_requests: read/write, contents: read (fine-grained PAT) |
GitLab
Write actions: inline MR comments, submit MR reviews.| Field | Value |
|---|---|
| Token | Personal Access Token (glpat-…) |
| Username | Your GitLab username |
| Instance URL | Your GitLab instance (defaults to https://gitlab.com) |
| Required scopes | api, read_user |
Linear
Write actions: transition issues, add comments, update assignees.| Field | Value |
|---|---|
| Token | Personal API key (lin_api_…) |
| Required scopes | None — Linear personal keys have full access to your workspace |
Jira
Write actions: transition issues, add comments, link findings to tickets.| Field | Value |
|---|---|
| Token | Atlassian API token |
| Your Atlassian account email | |
| Instance URL | https://yourcompany.atlassian.net |
| Required scopes | Read/Write access to projects you want to manage |
Bitbucket
Write actions: post inline comments, approve or decline PRs.| Field | Value |
|---|---|
| Token | App Password |
| Username | Your Bitbucket username |
| Required permissions | Repositories: Read; Pull requests: Read & Write |
Security
- Tokens are encrypted at rest and never returned in API responses after saving.
- Tokens are scoped to your user account — other team members cannot see or use them.
- You can disconnect an integration at any time from the Connections tab; this deletes the stored token immediately.