- Use -u username:password basic auth for all API calls
- GET /users/{name}/tokens to find existing token
- DELETE /users/{name}/tokens/{id} to remove existing token
- POST /users/{name}/tokens with {"name": "...", "scopes": ["all"]}
- Extract 'sha1' field from POST response as the token value
- Use ego-mgr get default-username instead of secret-mgr get-username
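
The token steps above (find, delete, recreate, read 'sha1'), sketched in Python as an added example that is not code from the original notes. The `api_base` parameter, the helper names, and the assumption that the GET response is a JSON list of objects with `id` and `name` fields are illustrative; fetching the username and password (for example via ego-mgr) is left to the caller.

```python
import base64
import json
import urllib.parse
import urllib.request


def http_send(method, url, user, password, body=None):
    """Send one request with HTTP basic auth; return (status, parsed JSON or None)."""
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {cred}", "Accept": "application/json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    # urlopen raises HTTPError on 4xx/5xx, so failed calls stop the rotation.
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)


def rotate_token(api_base, user, password, token_name, send=http_send):
    """Delete any token called token_name, create a new one, return its value."""
    name = urllib.parse.quote(user, safe="")
    tokens_url = f"{api_base.rstrip('/')}/users/{name}/tokens"

    # GET /users/{name}/tokens: look for tokens that already use this name.
    # Assumption: the response is a JSON list of objects with 'id' and 'name'.
    _, existing = send("GET", tokens_url, user, password)
    for tok in existing or []:
        if tok.get("name") == token_name:
            # DELETE /users/{name}/tokens/{id}: remove the old token first.
            send("DELETE", f"{tokens_url}/{tok['id']}", user, password)

    # POST /users/{name}/tokens: create the replacement token.
    _, created = send("POST", tokens_url, user, password,
                      {"name": token_name, "scopes": ["all"]})

    # The token value is the 'sha1' field of the POST response.
    secret = (created or {}).get("sha1")
    if not secret:
        raise RuntimeError("token creation response has no 'sha1' field")
    return secret
```

The function returns the token value rather than printing it, so the caller decides where the secret is stored and it does not end up in job logs by default.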