diff --git a/src/auth.rs b/src/auth.rs
index d4a79a7..5ab5119 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,6 +1,15 @@
 use std::process;
 
-pub fn get_token_from_command(command: &str) -> Result<String, String> {
+#[derive(Clone)]
+pub struct AuthToken(String);
+
+impl AuthToken {
+    pub fn access(&self) -> &str {
+        &self.0
+    }
+}
+
+pub fn get_token_from_command(command: &str) -> Result<AuthToken, String> {
     let output = process::Command::new("/usr/bin/env")
         .arg("sh")
         .arg("-c")
@@ -32,5 +41,5 @@ pub fn get_token_from_command(command: &str) -> Result<String, String> {
         .next()
         .ok_or_else(|| String::from("Output did not contain any newline"))?;
 
-    Ok(token.to_string())
+    Ok(AuthToken(token.to_string()))
 }
diff --git a/src/provider/github.rs b/src/provider/github.rs
index e721ca3..e362c4e 100644
--- a/src/provider/github.rs
+++ b/src/provider/github.rs
@@ -1,12 +1,12 @@
 use serde::Deserialize;
 
+use super::auth;
 use super::escape;
 use super::ApiErrorResponse;
 use super::Filter;
 use super::JsonError;
 use super::Project;
 use super::Provider;
-use super::SecretToken;
 
 const PROVIDER_NAME: &str = "github";
 const ACCEPT_HEADER_JSON: &str = "application/vnd.github.v3+json";
@@ -67,7 +67,7 @@ impl JsonError for GithubApiErrorResponse {
 
 pub struct Github {
     filter: Filter,
-    secret_token: SecretToken,
+    secret_token: auth::AuthToken,
 }
 
 impl Provider for Github {
@@ -76,7 +76,7 @@ impl Provider for Github {
 
     fn new(
         filter: Filter,
-        secret_token: SecretToken,
+        secret_token: auth::AuthToken,
         api_url_override: Option<String>,
     ) -> Result<Self, String> {
         if api_url_override.is_some() {
@@ -96,8 +96,8 @@ impl Provider for Github {
         self.filter.clone()
     }
 
-    fn secret_token(&self) -> SecretToken {
-        self.secret_token.clone()
+    fn secret_token(&self) -> &auth::AuthToken {
+        &self.secret_token
     }
 
     fn auth_header_key() -> String {
diff --git a/src/provider/gitlab.rs b/src/provider/gitlab.rs
index 4f9853e..42bc57e 100644
--- a/src/provider/gitlab.rs
+++ b/src/provider/gitlab.rs
@@ -1,12 +1,12 @@
 use serde::Deserialize;
 
+use super::auth;
 use super::escape;
 use super::ApiErrorResponse;
 use super::Filter;
 use super::JsonError;
 use super::Project;
 use super::Provider;
-use super::SecretToken;
 
 const PROVIDER_NAME: &str = "gitlab";
 const ACCEPT_HEADER_JSON: &str = "application/json";
@@ -75,7 +75,7 @@ impl JsonError for GitlabApiErrorResponse {
 
 pub struct Gitlab {
     filter: Filter,
-    secret_token: SecretToken,
+    secret_token: auth::AuthToken,
     api_url_override: Option<String>,
 }
 
@@ -95,7 +95,7 @@ impl Provider for Gitlab {
 
     fn new(
         filter: Filter,
-        secret_token: SecretToken,
+        secret_token: auth::AuthToken,
         api_url_override: Option<String>,
     ) -> Result<Self, String> {
         Ok(Self {
@@ -113,8 +113,8 @@ impl Provider for Gitlab {
         self.filter.clone()
     }
 
-    fn secret_token(&self) -> SecretToken {
-        self.secret_token.clone()
+    fn secret_token(&self) -> &auth::AuthToken {
+        &self.secret_token
     }
 
     fn auth_header_key() -> String {
diff --git a/src/provider/mod.rs b/src/provider/mod.rs
index edfc74d..27c1e29 100644
--- a/src/provider/mod.rs
+++ b/src/provider/mod.rs
@@ -10,6 +10,7 @@ pub use github::Github;
 pub use gitlab::Gitlab;
 
 use super::repo;
+use super::auth;
 
 use std::collections::HashMap;
 
@@ -69,8 +70,6 @@ pub trait Project {
     fn private(&self) -> bool;
 }
 
-type SecretToken = String;
-
 #[derive(Clone)]
 pub struct Filter {
     users: Vec<String>,
@@ -117,7 +116,7 @@ pub trait Provider {
 
     fn new(
         filter: Filter,
-        secret_token: SecretToken,
+        secret_token: auth::AuthToken,
         api_url_override: Option<String>,
     ) -> Result<Self, String>
     where
@@ -125,7 +124,7 @@ pub trait Provider {
 
     fn name(&self) -> String;
     fn filter(&self) -> Filter;
-    fn secret_token(&self) -> SecretToken;
+    fn secret_token(&self) -> &auth::AuthToken;
     fn auth_header_key() -> String;
 
     fn get_user_projects(
@@ -167,7 +166,7 @@ pub trait Provider {
             .header("accept", accept_header.unwrap_or("application/json"))
             .header(
                 "authorization",
-                format!("{} {}", Self::auth_header_key(), &self.secret_token()),
+                format!("{} {}", Self::auth_header_key(), &self.secret_token().access()),
             )
             .body(())
             .map_err(|error| error.to_string())?;
@@ -308,7 +307,7 @@ pub trait Provider {
 fn call<T, U>(
     uri: &str,
     auth_header_key: &str,
-    secret_token: &str,
+    secret_token: &auth::AuthToken,
     accept_header: Option<&str>,
 ) -> Result<T, ApiErrorResponse<U>>
 where
@@ -322,7 +321,7 @@ where
         .header("accept", accept_header.unwrap_or("application/json"))
         .header(
             "authorization",
-            format!("{} {}", &auth_header_key, &secret_token),
+            format!("{} {}", &auth_header_key, &secret_token.access()),
         )
         .body(())
         .map_err(|error| ApiErrorResponse::String(error.to_string()))?;