Our organization uses github service accounts, and those use personal access tokens for a variety of tasks. We have a requirement that all accounts have multifactor authentication (MFA/TOTP) enabled. We also have a requirement that all keys be rotated on a regular basis, and this includes personal access tokens.
Is there any way that a personal access token can either be created or regenerated via a personal access token without a password?
We can rotate the personal access token using the API using basic authentication, but currently we need both the password and the MFA TOTP which inhibits automation. An example [bash script to rotate personal access token is here](https://gist.github.com/StevenACoffman/f0c084b428977430d2baacd0263c3563).
Any ideas? Thanks!
Solved! Solved! Go to Solution.
As far as I know, there is no way to generate new personal access tokens using only a personal access token. I have some Ruby code that I use to create a new personal access token inside scripts that handles 2FA. So the rotation step could be automated, but the TOTP code would still have to be supplied manually via a script, tool, or webpage at the time of rotation.
I hope that helps!