vault/website/content/docs/agent/autoauth/methods/token_file.mdx

---
layout: docs
page_title: Vault Agent Auto-Auth Token File Method
description: Token File Method for Vault Agent Auto-Auth
---

# Vault Agent Auto-Auth Token File Method

~> Note: This authentication method is tailored for the development experience,
and to facilitate getting started with Vault Agent. Vault Agent should never be configured to use
this auto-auth method in a production environment.

The `token_file` method reads in an existing, valid Vault token from a file, and uses that
token in lieu of authenticating itself. While it's a first class auto-auth method for all intents
and purposes, it naturally doesn't authenticate itself, as it requires a token from elsewhere. Like
other auto-auth methods, Agent will attempt to renew the token, as appropriate.

This auto-auth method is especially useful when testing Vault Agent without needing to set up
any authentication methods in Vault. For long-running Agent processes, we strongly recommend another
auto-auth method, such that Agent is issuing its own authentication requests to Vault.

## Configuration

- `token_file_path` `(string: required)` - The path to the file with the token inside. This token cannot be a wrapping token.

## Example Configuration

An example configuration, using the `token_file` method to enable [auto-auth](/vault/docs/agent/autoauth), follows:

```hcl
pid_file = "./pidfile"

vault {
  address = "https://127.0.0.1:8200"
}

auto_auth {
  method {
    type      = "token_file"

    config = {
      token_file_path = "~/.vault-token"
    }
  }
}


api_proxy {
  use_auto_auth_token = true
}

listener "tcp" {
  address = "127.0.0.1:8100"
  tls_disable = true
}

template {
  source      = "/etc/vault/server.key.ctmpl"
  destination = "/etc/vault/server.key"
}

template {
  source      = "/etc/vault/server.crt.ctmpl"
  destination = "/etc/vault/server.crt"
}
```