diff --git a/.gitlab-ci-scripts/find-my-version.sh b/.gitlab-ci-scripts/find-my-version.sh
new file mode 100755
index 00000000..c44beeec
--- /dev/null
+++ b/.gitlab-ci-scripts/find-my-version.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+find_my_version() {
+    AVAILABLE_VERSIONS=$(git branch -vva \
+        | grep packaging/v[0-9] \
+        | awk '{ print $1 }' \
+        | awk -F/ '{ print $4 }' \
+        | sort -V \
+        | grep -v ^$ \
+    )
+    LATEST_VERSION=$(git branch -vva \
+        | grep packaging/v[0-9] \
+        | awk '{ print $1 }' \
+        | awk -F/ '{ print $4 }' \
+        | sort -V \
+        | tail -n 1 \
+    )
+    MY_VERSION="v$(cat VERSION)"
+    # MY_VERSION="v4.9.0"
+    # MY_VERSION="v5.0.0"
+    # MY_VERSION="v5.0.1"
+
+    # echo "My version: ${MY_VERSION}"
+    # echo "Available:  ${AVAILABLE_VERSIONS}"
+    # echo "Latest:     ${LATEST_VERSION}"
+
+    for VERSION in ${AVAILABLE_VERSIONS}; do
+        # echo ""
+        TESTVERSIONS="${VERSION} ${MY_VERSION}"
+        RESULTING_VERSION=$(for i in ${TESTVERSIONS}; do echo $i; done \
+            | sort -V \
+            | tail -n 1 \
+        )
+        # echo "Testing: ${VERSION} Result: ${RESULTING_VERSION}"
+        [[ "${RESULTING_VERSION}" == "${MY_VERSION}" ]] && {
+            VERSION_TO_USE=${VERSION}
+            # echo "Apparently:  ${RESULTING_VERSION} == ${MY_VERSION}"
+        }
+    done
+
+    # echo -e "\n"
+    # echo "VERSION_TO_USE: ${VERSION_TO_USE}"
+    echo "${VERSION_TO_USE}"
+}
diff --git a/.gitlab-ci-scripts/local-before-script.sh b/.gitlab-ci-scripts/local-before-script.sh
index 8146f944..c9facd60 100755
--- a/.gitlab-ci-scripts/local-before-script.sh
+++ b/.gitlab-ci-scripts/local-before-script.sh
@@ -1,14 +1,22 @@
 #!/bin/bash
 
 FILES=""
+OIDC_AGENT_REPO="http://codebase.helmholtz.cloud/m-team/oidc/oidc-agent.git"
 PACKAGING_BRANCH="packaging"
 
 echo "======== oidc-agent-local-before-script starting======="
 export VERSION=`cat VERSION`
 # clone the packages file of this repo:
 # Try with VERSION
-echo "Trying to use branch for packaging: ${PACKAGING_BRANCH}/latest"
-git clone -b ${PACKAGING_BRANCH}/latest http://codebase.helmholtz.cloud/m-team/oidc/oidc-agent.git delme || {
+
+MY_PACKAGING_VERSION="latest"
+[ -e .gitlab-ci-scripts/find-my-version.sh ] && {
+    . .gitlab-ci-scripts/find-my-version.sh
+    MY_PACKAGING_VERSION=$(find_my_version)
+}
+
+echo "Trying to use branch for packaging: ${PACKAGING_BRANCH}/${MY_PACKAGING_VERSION}"
+git clone -b ${PACKAGING_BRANCH}/${MY_PACKAGING_VERSION} ${OIDC_AGENT_REPO} delme || {
     exit 10
 }
 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2c1d49b9..66791060 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -149,3 +149,4 @@ trigger-win-installer:
  
  
  
+ 
diff --git a/Makefile b/Makefile
index 643a0310..3e811071 100644
--- a/Makefile
+++ b/Makefile
@@ -564,7 +564,7 @@ install_bash: $(BASH_COMPLETION_PATH)/$(AGENT) $(BASH_COMPLETION_PATH)/$(GEN) $(
 	@echo "Installed bash completion"
 
 .PHONY: install_man
-install_man: $(MAN_PATH)/man1/$(AGENT).1 $(MAN_PATH)/man1/$(GEN).1 $(MAN_PATH)/man1/$(ADD).1 $(MAN_PATH)/man1/$(CLIENT).1 $(MAN_PATH)/man1/$(AGENT_SERVICE).1 $(MAN_PATH)/man1/$(KEYCHAIN).1 $(PROMPT_MAN_PATH)/man1/$(PROMPT).1
+install_man: $(MAN_PATH)/man1/$(AGENT).1 $(MAN_PATH)/man1/$(GEN).1 $(MAN_PATH)/man1/$(ADD).1 $(MAN_PATH)/man1/$(CLIENT).1 $(MAN_PATH)/man1/$(AGENT_SERVICE).1 $(MAN_PATH)/man1/$(KEYCHAIN).1 $(PROMPT_MAN_PATH)/man1/$(PROMPT).1 $(MAN_PATH)/man1/$(TOKENSH).1
 	@echo "Installed man pages!"
 
 .PHONY: install_lib
@@ -718,6 +718,8 @@ $(MAN_PATH)/man1/$(KEYCHAIN).1: $(MANDIR)/$(KEYCHAIN).1 $(MAN_PATH)/man1
 	@install -p -m 644 $< $@
 $(PROMPT_MAN_PATH)/man1/$(PROMPT).1: $(MANDIR)/$(PROMPT).1 $(PROMPT_MAN_PATH)/man1
 	@install -p -m 644 $< $@
+$(MAN_PATH)/man1/$(TOKENSH).1: $(MANDIR)/$(TOKENSH).1 $(MAN_PATH)/man1
+	@install -p -m 644 $< $@
 
 ## Tmpfiles
 $(TMPFILES_PATH)/oidc-agent.conf: $(CONFDIR)/tmpfiles.d/oidc-agent.conf
@@ -804,6 +806,7 @@ uninstall_man:
 	@$(rm) $(MAN_PATH)/man1/$(CLIENT).1
 	@$(rm) $(MAN_PATH)/man1/$(AGENT_SERVICE).1
 	@$(rm) $(MAN_PATH)/man1/$(KEYCHAIN).1
+	@$(rm) $(MAN_PATH)/man1/$(TOKENSH).1
 	@$(rm) $(PROMPT_MAN_PATH)/man1/$(PROMPT).1
 	@echo "Uninstalled man pages!"
 
@@ -858,7 +861,7 @@ uninstall_xsession_script:
 # Man pages
 
 .PHONY: create_man
-create_man: $(MANDIR)/$(AGENT).1 $(MANDIR)/$(GEN).1 $(MANDIR)/$(ADD).1  $(MANDIR)/$(CLIENT).1 $(MANDIR)/$(AGENT_SERVICE).1 $(MANDIR)/$(KEYCHAIN).1 $(MANDIR)/$(PROMPT).1
+create_man: $(MANDIR)/$(AGENT).1 $(MANDIR)/$(GEN).1 $(MANDIR)/$(ADD).1  $(MANDIR)/$(CLIENT).1 $(MANDIR)/$(AGENT_SERVICE).1 $(MANDIR)/$(KEYCHAIN).1 $(MANDIR)/$(PROMPT).1 $(MANDIR)/$(TOKENSH).1
 	@echo "Created man pages"
 
 $(MANDIR)/$(AGENT).1: $(MANDIR) $(BINDIR)/$(AGENT) $(SRCDIR)/h2m/$(AGENT).h2m
@@ -882,6 +885,9 @@ $(MANDIR)/$(KEYCHAIN).1: $(MANDIR) $(BINDIR)/$(KEYCHAIN) $(SRCDIR)/h2m/$(KEYCHAI
 $(MANDIR)/$(PROMPT).1: $(MANDIR) $(BINDIR)/$(PROMPT) $(SRCDIR)/h2m/$(PROMPT).h2m
 	@help2man $(BINDIR)/$(PROMPT) -o $(MANDIR)/$(PROMPT).1 -s 1 -N -i $(SRCDIR)/h2m/$(PROMPT).h2m --no-discard-stderr
 
+$(MANDIR)/$(TOKENSH).1: $(MANDIR) $(BINDIR)/$(TOKENSH) $(SRCDIR)/h2m/$(TOKENSH).h2m
+	@help2man $(BINDIR)/$(TOKENSH) -o $(MANDIR)/$(TOKENSH).1 -s 1 -N -i $(SRCDIR)/h2m/$(TOKENSH).h2m
+
 endif
 
 # Library
@@ -1081,8 +1087,9 @@ test: $(TESTBINDIR)/test
 	@$<
 
 .PHONY: testdocu
-testdocu: $(BINDIR)/$(AGENT) $(BINDIR)/$(GEN) $(BINDIR)/$(ADD) $(BINDIR)/$(CLIENT) gitbook/$(GEN)/options.md gitbook/$(AGENT)/options.md gitbook/$(ADD)/options.md gitbook/$(CLIENT)/options.md
+testdocu: $(BINDIR)/$(AGENT) $(BINDIR)/$(GEN) $(BINDIR)/$(ADD) $(BINDIR)/$(CLIENT) gitbook/$(GEN)/options.md gitbook/$(AGENT)/options.md gitbook/$(ADD)/options.md gitbook/$(CLIENT)/options.md gitbook/$(TOKENSH)/options.md
 	@$(BINDIR)/$(AGENT) -h | grep "^[[:space:]]*-" | grep -v "debug" | grep -v "verbose" | grep -v "usage" | grep -v "help" | grep -v "version" | sed 's/\s*--/--/' | sed 's/[^\s]*,--/--/' | sed 's/\s.*//' | sed 's/\[.*//' | sed 's/,.*//' | sed 's/=.*//' | xargs -I {} sh -c 'grep -c -- ^###.*{} gitbook/$(AGENT)/options.md>/dev/null || echo "In gitbook/$(AGENT)/options.md: {} not documented"'
 	@$(BINDIR)/$(GEN) -h | grep "^[[:space:]]*-" | grep -v "debug" | grep -v "verbose" | grep -v "usage" | grep -v "help" | grep -v "version" | sed 's/\s*--/--/' | sed 's/[^\s]*,--/--/' | sed 's/\s.*//'  | sed 's/\[.*//' | sed 's/,.*//' | sed 's/=.*//' | xargs -I {} sh -c 'grep -c -- ^###.*{} gitbook/$(GEN)/options.md>/dev/null || echo "In gitbook/$(GEN)/options.md: {} not documented"'
 	@$(BINDIR)/$(ADD) -h | grep "^[[:space:]]*-" | grep -v "debug" | grep -v "verbose" | grep -v "usage" | grep -v "help" | grep -v "version" | sed 's/\s*--/--/' | sed 's/[^\s]*,--/--/' | sed 's/\s.*//' | sed 's/\[.*//' | sed 's/,.*//' | sed 's/=.*//' | xargs -I {} sh -c 'grep -c -- ^###.*{} gitbook/$(ADD)/options.md>/dev/null || echo "In gitbook/$(ADD)/options.md: {} not documented"'
 	@$(BINDIR)/$(CLIENT) -h | grep "^[[:space:]]*-" | grep -v "debug" | grep -v "verbose" | grep -v "usage" | grep -v "help" | grep -v "version" | sed 's/\s*--/--/' | sed 's/[^\s]*,--/--/' | sed 's/\s.*//' | sed 's/\[.*//' | sed 's/,.*//' | sed 's/=.*//' | xargs -I {} sh -c 'grep -c -- ^###.*{} gitbook/$(CLIENT)/options.md>/dev/null || echo "In gitbook/$(CLIENT)/options.md: {} not documented"'
+	@$(BINDIR)/$(TOKENSH) -h | grep "^[[:space:]]*-" | grep -v "debug" | grep -v "verbose" | grep -v "usage" | grep -v "help" | grep -v "version" | sed 's/\s*--/--/' | sed 's/[^\s]*,--/--/' | sed 's/\s.*//' | sed 's/\[.*//' | sed 's/,.*//' | sed 's/=.*//' | xargs -I {} sh -c 'grep -c -- ^###.*{} gitbook/$(TOKENSH)/options.md>/dev/null || echo "In gitbook/$(TOKENSH)/options.md: {} not documented"'
diff --git a/gitbook/SUMMARY.md b/gitbook/SUMMARY.md
index cb09529c..1dc3e5cd 100644
--- a/gitbook/SUMMARY.md
+++ b/gitbook/SUMMARY.md
@@ -45,6 +45,9 @@
     * [oidc-token](oidc-token/oidc-token.md)
         * [General Usage](oidc-token/general.md)
         * [Detailed Information About All Options](oidc-token/options.md)
+    * [oidc-tokensh](oidc-token/oidc-tokensh.md)
+        * [General Usage](oidc-tokensh/general.md)
+        * [Detailed Information About All Options](oidc-tokensh/options.md)
     * [Other Applications Using oidc-agent](agent-clients.md)
     * [Tips](tips.md)
     * [oidc-agent-server](oidc-agent-server/oidc-agent-server.md)
diff --git a/src/h2m/oidc-tokensh.h2m b/src/h2m/oidc-tokensh.h2m
new file mode 100644
index 00000000..adb66af2
--- /dev/null
+++ b/src/h2m/oidc-tokensh.h2m
@@ -0,0 +1,17 @@
+[NAME]
+oidc-tokensh \- Ensure that valid Access Tokens are always available
+
+oidc-tokensh starts a new shell within which oidc-agent is available. It
+prompts for a password to unlock an account configuration, when necessary.
+
+Access Tokens are automatically renewed for the specified account, before
+they expire.
+
+[FILES]
+$XDG_RUNTIME_DIR/bt_u$ID, /tmp/bt_u$ID, or $BEARER_TOKEN_FILE
+[SEE ALSO]
+oidc-agent(1), oidc-add(1), oidc-token(1)
+.PP
+Low-traffic mailing list with updates such as critical security incidents and new releases: https://www.lists.kit.edu/sympa/subscribe/oidc-agent-user
+.PP
+Full documentation can be found at https://indigo-dc.gitbooks.io/oidc-agent/user/oidc-tokensh
diff --git a/src/oidc-tokensh/oidc-tokensh b/src/oidc-tokensh/oidc-tokensh
index c812874a..59521ce5 100755
--- a/src/oidc-tokensh/oidc-tokensh
+++ b/src/oidc-tokensh/oidc-tokensh
@@ -25,7 +25,7 @@ usage()
     echo "  -v|--verbose            show debug output"
     echo ""
     echo "command defaults to \$SHELL"
-} >&2
+}
 
 # if [ $# = 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
 #     echo "[${LINENO}] You ran:  $0 $*"