> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Personal Connections

> Configure personal API tokens so Pwnbook can take actions in external tools under your identity.

## What are personal connections?

Personal connections store **your own credentials** for external integrations. When you connect an account, Pwnbook uses your token to act on your behalf — comments appear from your user, issue transitions are attributed to you, and PR reviews show your name.

This is separate from [org-level integrations](/integrations/overview#two-tier-authentication-model), which use a shared credential configured by an admin. Personal connections are optional but required to have write actions attributed to you rather than the org service account.

## Configuring connections

Go to **Profile → Connections**. The page lists all integrations that support personal tokens. For each integration you want to connect:

1. Click **Connect** to open the configuration panel.
2. Enter your personal API token (and any additional fields like username or instance URL).
3. Click **Save** — Pwnbook stores the token securely and never exposes it again.

To update a token, click **Edit** on a connected integration and enter a new value (leave the token field blank to keep the existing one).

## Available connections

### GitHub

Write actions: post review comments, submit PR reviews, approve or request changes.

| Field               | Value                                                                                    |
| ------------------- | ---------------------------------------------------------------------------------------- |
| **Token**           | Personal Access Token (`ghp_…`)                                                          |
| **Username**        | Your GitHub username                                                                     |
| **Required scopes** | `repo` (classic PAT) or `pull_requests: read/write`, `contents: read` (fine-grained PAT) |

Create tokens at [github.com/settings/tokens](https://github.com/settings/tokens).

### GitLab

Write actions: inline MR comments, submit MR reviews.

| Field               | Value                                                   |
| ------------------- | ------------------------------------------------------- |
| **Token**           | Personal Access Token (`glpat-…`)                       |
| **Username**        | Your GitLab username                                    |
| **Instance URL**    | Your GitLab instance (defaults to `https://gitlab.com`) |
| **Required scopes** | `api`, `read_user`                                      |

Create tokens at **GitLab → Preferences → Access Tokens**.

### Linear

Write actions: transition issues, add comments, update assignees.

| Field               | Value                                                          |
| ------------------- | -------------------------------------------------------------- |
| **Token**           | Personal API key (`lin_api_…`)                                 |
| **Required scopes** | None — Linear personal keys have full access to your workspace |

Create keys at **Linear → Settings → API → Personal API keys**.

### Jira

Write actions: transition issues, add comments, link findings to tickets.

| Field               | Value                                            |
| ------------------- | ------------------------------------------------ |
| **Token**           | Atlassian API token                              |
| **Email**           | Your Atlassian account email                     |
| **Instance URL**    | `https://yourcompany.atlassian.net`              |
| **Required scopes** | Read/Write access to projects you want to manage |

Create tokens at [id.atlassian.com/manage-profile/security/api-tokens](https://id.atlassian.com/manage-profile/security/api-tokens).

### Bitbucket

Write actions: post inline comments, approve or decline PRs.

| Field                    | Value                                           |
| ------------------------ | ----------------------------------------------- |
| **Token**                | App Password                                    |
| **Username**             | Your Bitbucket username                         |
| **Required permissions** | Repositories: Read; Pull requests: Read & Write |

Create App Passwords at **Bitbucket → Personal settings → App passwords**.

## Security

* Tokens are encrypted at rest and never returned in API responses after saving.
* Tokens are scoped to your user account — other team members cannot see or use them.
* You can disconnect an integration at any time from the Connections tab; this deletes the stored token immediately.
