diff --git a/lib/gist.rb b/lib/gist.rb
index bc30d06..84d3a2c 100644
--- a/lib/gist.rb
+++ b/lib/gist.rb
@@ -40,11 +40,32 @@ def self.exception(*args)
   end
   class ClipboardError < RuntimeError; include Error end
 
+  # helper module for authentication token actions
+  module AuthTokenFile
+    def self.filename
+      if ENV.key?(URL_ENV_NAME)
+        File.expand_path "~/.gist.#{ENV[URL_ENV_NAME].gsub(/[^a-z.]/, '')}"
+      else
+        File.expand_path "~/.gist"
+      end
+    end
+
+    def self.read
+      File.read(filename).chomp
+    end
+
+    def self.write(token)
+      File.open(filename, 'w', 0600) do |f|
+        f.write token
+      end
+    end
+  end
+
   # auth token for authentication
   #
   # @return [String] string value of access token or `nil`, if not found
   def auth_token
-    @token ||= File.read(auth_token_file).chomp rescue nil
+    @token ||= AuthTokenFile.read rescue nil
   end
 
   # Upload a gist to https://gist.github.com
@@ -258,9 +279,7 @@ def login!(credentials={})
       end
 
       if Net::HTTPCreated === response
-        File.open(auth_token_file, 'w', 0600) do |f|
-          f.write JSON.parse(response.body)['token']
-        end
+        AuthTokenFile.write JSON.parse(response.body)['token']
         puts "Success! #{ENV[URL_ENV_NAME] || "https://github.com/"}settings/applications"
         return
       elsif Net::HTTPUnauthorized === response
@@ -441,14 +460,6 @@ def api_url
     ENV.key?(URL_ENV_NAME) ? URI(ENV[URL_ENV_NAME]) : GITHUB_API_URL
   end
 
-  def auth_token_file
-    if ENV.key?(URL_ENV_NAME)
-      File.expand_path "~/.gist.#{ENV[URL_ENV_NAME].gsub(/[^a-z.]/, '')}"
-    else
-      File.expand_path "~/.gist"
-    end
-  end
-
   def legacy_private_gister?
     return unless which('git')
     `git config --global gist.private` =~ /\Ayes|1|true|on\z/i
diff --git a/spec/auth_token_file_spec.rb b/spec/auth_token_file_spec.rb
new file mode 100644
index 0000000..e71e3d8
--- /dev/null
+++ b/spec/auth_token_file_spec.rb
@@ -0,0 +1,61 @@
+describe Gist::AuthTokenFile do
+  subject { Gist::AuthTokenFile }
+
+  before(:each) do
+    stub_const("Gist::URL_ENV_NAME", "STUBBED_GITHUB_URL")
+  end
+
+  describe "::filename" do
+    let(:filename) { double() }
+
+    context "with default GITHUB_URL" do
+      it "is ~/.gist" do
+        File.should_receive(:expand_path).with("~/.gist").and_return(filename)
+        subject.filename.should be filename
+      end
+    end
+
+    context "with custom GITHUB_URL" do
+      before do
+        ENV[Gist::URL_ENV_NAME] = github_url
+      end
+      let(:github_url) { "gh.custom.org" }
+
+      it "is ~/.gist.{custom_github_url}" do
+        File.should_receive(:expand_path).with("~/.gist.#{github_url}").and_return(filename)
+        subject.filename.should be filename
+      end
+    end
+
+  end
+
+  describe "::read" do
+    let(:token) { "auth_token" }
+
+    it "reads file contents" do
+      File.should_receive(:read).and_return(token)
+      subject.read.should eq token
+    end
+
+    it "chomps file contents" do
+      File.should_receive(:read).and_return(token + "\n")
+      subject.read.should eq token
+    end
+  end
+
+  describe "::write" do
+    let(:token) { double() }
+    let(:filename) { double() }
+    let(:token_file) { double() }
+
+    before do
+      subject.stub(:filename) { filename }
+    end
+
+    it "writes token to file" do
+      File.should_receive(:open).with(filename, 'w', 0600).and_yield(token_file)
+      token_file.should_receive(:write).with(token)
+      subject.write(token)
+    end
+  end
+end