Rotate Personal Access Tokens

Our organization uses github service accounts, and those use personal access tokens for a variety of tasks. We have a requirement that all accounts have multifactor authentication (MFA/TOTP) enabled. We also have a requirement that all keys be rotated on a regular basis, and this includes personal access tokens.

Is there any way that a personal access token can either be created or regenerated via a personal access token without a password?

We can rotate the personal access token using the API using basic authentication, but currently we need both the password and the MFA TOTP which inhibits automation. An example bash script to rotate personal access token is here. ](https://gist.github.com/StevenACoffman/f0c084b428977430d2baacd0263c3563). )
Any ideas? Thanks!

As far as I know, there is no way to generate new personal access tokens using only a personal access token. I have some Ruby code that I use to create a new personal access token inside scripts that handles 2FA. So the rotation step could be automated, but the TOTP code would still have to be supplied manually via a script, tool, or webpage at the time of rotation.

I hope that helps!