diff --git a/.config/scripts/anyrun/Auth.sh b/.config/scripts/anyrun/Auth.sh
index 195962a..7ee2820 100755
--- a/.config/scripts/anyrun/Auth.sh
+++ b/.config/scripts/anyrun/Auth.sh
@@ -1,14 +1,28 @@
-#!/bin/env sh
+#!/bin/bash
 
-SCRIPTPATH="$(
-  cd -- "$(dirname "$0")" >/dev/null 2>&1
-  pwd -P
-)"
-TOKEN=$(cat "$SCRIPTPATH/.auth-token")
+set -o pipefail
 
+KEYRING_NAME="2fauth"
+KEYRING_VALUE="token"
 DOMAIN="https://auth.iedsoftworks.com"
 
-list=$(curl --oauth2-bearer "$TOKEN" "$DOMAIN/api/v1/twofaccounts" | jq 'map({"\(.service) - \(.account)": .id}) | add' -r)
+getApiToken() {
+  token=$(secret-tool lookup "$KEYRING_NAME" "$KEYRING_VALUE")
+  if [[ $? == 0 ]]; then
+    return 0
+  fi
+
+  token=$(zenity --forms --add-multiline-entry="API Key" --text="Provide a valid API key")
+  if [[ $token == "" ]]; then
+    return 1
+  fi
+
+  echo "$token" | secret-tool store --label "2FAuth API Key" "$KEYRING_NAME" "$KEYRING_VALUE"
+}
+
+getApiToken
+
+list=$(curl --oauth2-bearer "$token" "$DOMAIN/api/v1/twofaccounts" | jq 'map({"\(.service) - \(.account)": .id}) | add' -r)
 selection=$(echo "$list" | jq 'keys | map("\(.)\n") | add' -r | anyrun --plugins libstdin.so)
 
 if [[ $selection == "" ]]; then
@@ -17,7 +31,7 @@ fi
 
 id=$(echo $list | jq ".[\"${selection}\"]")
 
-curl --oauth2-bearer "$TOKEN" "$DOMAIN/api/v1/twofaccounts/$id/otp" |
+curl --oauth2-bearer "$token" "$DOMAIN/api/v1/twofaccounts/$id/otp" |
   jq ".password" -r |
   wl-copy
 
diff --git a/.config/yadm/encrypt b/.config/yadm/encrypt
index b833d97..14e765b 100644
--- a/.config/yadm/encrypt
+++ b/.config/yadm/encrypt
@@ -1,5 +1,3 @@
 .ssh/*.key
 
 .local/share/kwalletd/*
-
-.config/scripts/anyrun/.auth-token
diff --git a/.gitignore b/.gitignore
index 7b49436..71cb9af 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,7 +38,6 @@
 !/.config/xdg-desktop-portal/
 !/.config/xdg-desktop-portal-termfilechooser/
 !/.config/scripts/
-/.config/scripts/anyrun/.auth-token
 !/.config/systemd/
 /.config/systemd/*
 !/.config/systemd/user/