diff --git a/command/server.go b/command/server.go
index 06c3d98a67..c93e6a3007 100644
--- a/command/server.go
+++ b/command/server.go
@@ -87,13 +87,13 @@ type ServerCommand struct {
 	reloadedCh      chan (struct{}) // for tests
 
 	// new stuff
-	flagConfigs        []string
-	flagLogLevel       string
-	flagLogFormat      string
-	flagDev            bool
-	flagDevRootTokenID string
-	flagDevListenAddr  string
-
+	flagConfigs         []string
+	flagLogLevel        string
+  flagLogFormat       string
+	flagDev             bool
+	flagDevRootTokenID  string
+	flagDevListenAddr   string
+	flagDevNoStoreToken bool
 	flagDevPluginDir     string
 	flagDevPluginInit    bool
 	flagDevHA            bool
@@ -213,6 +213,14 @@ func (c *ServerCommand) Flags() *FlagSets {
 		EnvVar:  "VAULT_DEV_LISTEN_ADDRESS",
 		Usage:   "Address to bind to in \"dev\" mode.",
 	})
+	f.BoolVar(&BoolVar{
+		Name:    "dev-no-store-token",
+		Target:  &c.flagDevNoStoreToken,
+		Default: false,
+		Usage: "Do not persist the dev root token to the token helper " +
+			"(usually the local filesystem) for use in future requests. " +
+			"The token will only be displayed in the command output.",
+	})
 
 	// Internal-only flags to follow.
 	//
@@ -1515,12 +1523,14 @@ func (c *ServerCommand) enableDev(core *vault.Core, coreConfig *vault.CoreConfig
 	}
 
 	// Set the token
-	tokenHelper, err := c.TokenHelper()
-	if err != nil {
-		return nil, err
-	}
-	if err := tokenHelper.Store(init.RootToken); err != nil {
-		return nil, err
+	if !c.flagDevNoStoreToken {
+		tokenHelper, err := c.TokenHelper()
+		if err != nil {
+			return nil, err
+		}
+		if err := tokenHelper.Store(init.RootToken); err != nil {
+			return nil, err
+		}
 	}
 
 	kvVer := "2"
diff --git a/website/source/docs/commands/server.html.md b/website/source/docs/commands/server.html.md
index 491483573d..3f43e9dfed 100644
--- a/website/source/docs/commands/server.html.md
+++ b/website/source/docs/commands/server.html.md
@@ -76,4 +76,8 @@ flags](/docs/commands/index.html) included on all commands.
   when running in "dev" mode. This can also be specified via the
   `VAULT_DEV_ROOT_TOKEN_ID` environment variable.
 
+- `-dev-no-store-token` `(string: "")` - Do not persist the dev root token to
+  the token helper (usually the local filesystem) for use in future requests.
+  The token will only be displayed in the command output.
+
 - `-dev-plugin-dir` `(string: "")` - Directory from which plugins are allowed to be loaded. Only applies in "dev" mode, it will automatically register all the plugins in the provided directory.