n0v1c3 · jacobstr · Sep 21, 2021 · Sep 22, 2021 · jacobstr · Sep 22, 2021
diff --git a/README.md b/README.md
@@ -118,6 +118,8 @@ one of the options `password` or `password_cmd` will be set depending on a
 - `password` - Enter Jira server password in plain text. This is not
   recommended for security reasons, but we're not going to tell you how to live
   your life.
+- `access_token_cmd` - Run a CLI command to retrieve the Jira server personal access token e.g. [sops -d /home/username/access_token.sops](https://github.com/mozilla/sops) or a password manager ala `pass` or `lpass`.
+- `access_token` - Use a personal access token, not recommended for security reasons. Seriously, just sops encrypt a file with a gpg/aws-kms/gcp-kms/* key or use CLI's offered by _1Password_ or _LastPass_.
 - `skip_cert_verify` - This option can be set in order to connect to a sever
   that is using self-signed TLS certificates.
 

diff --git a/python/Vira/vira_api.py b/python/Vira/vira_api.py
@@ -177,6 +177,8 @@ def connect(self, server):
         self.versions = set()
         self.users_type = ''
 
+        auth_kwargs = {}
+        option_kwargs = {}
         try:
             # Specify whether the server's TLS certificate needs to be verified
             if self.vira_servers[server].get('skip_cert_verify'):
@@ -186,12 +188,21 @@ def connect(self, server):
                 cert_verify = True
 
             # Get auth for current server
-            username = self.vira_servers[server].get('username')
-            password_cmd = self.vira_servers[server].get('password_cmd')
-            if password_cmd:
-                password = run_command(password_cmd)['stdout'].strip().split('\n')[0]
+            if not self.vira_servers[server].get('access_token_cmd') and not self.vira_servers[server].get('access_token'):
+                username = self.vira_servers[server].get('username')
+                password_cmd = self.vira_servers[server].get('password_cmd')
+                if password_cmd:
+                    password = run_command(password_cmd)['stdout'].strip().split('\n')[0]
+                else:
+                    password = self.vira_servers[server]['password']
+                auth_kwargs['basic_auth'] == (username, password)
             else:
-                password = self.vira_servers[server]['password']
+                token_cmd = self.vira_servers[server].get('access_token_cmd')
+                if token_cmd:
+                    access_token = run_command(token_cmd)['stdout'].strip().split('\n')[0]
+                else:
+                    access_token = self.vira_servers[server]['access_token']
+                option_kwargs={"headers": {"Authorization": "Bearer %s" % access_token}}
         except:
             self.msg_server_fail()
             raise
@@ -202,16 +213,21 @@ def connect(self, server):
                 server = 'https://' + server
                 vim.command('let g:vira_serv = "' + server + '"')
 
+            option_kwargs.update({
+                'server': server,
+                'verify': cert_verify,
+            })
+
             # Authorize
-            self.jira = JIRA(
-                options={
-                    'server': server,
-                    'verify': cert_verify,
-                },
-                basic_auth=(username, password),
-                timeout=2,
-                async_=True,
-                max_retries=2)
+            kwargs={
+                "timeout": 2,
+                "async_": True,
+                "max_retries": 2,
+                "options": option_kwargs,
+            }
+            kwargs.update(auth_kwargs)
+
+            self.jira = JIRA(**kwargs)
 
             # Initial list updates
             self.users = self.get_users()