diff --git a/README.md b/README.md
index 8844686..9193069 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,10 @@ An SSL certificate signed by your site’s Puppet CA
 
 The private key for that certificate
 
+### PE_TOKEN
+
+Puppet Enterprise authentication token. If set, will be used instead of certificate authentication.
+
 Plugins
 -------
 
diff --git a/lib/puppet-ghostbuster/puppetdb.rb b/lib/puppet-ghostbuster/puppetdb.rb
index 1545632..35e2b08 100644
--- a/lib/puppet-ghostbuster/puppetdb.rb
+++ b/lib/puppet-ghostbuster/puppetdb.rb
@@ -13,14 +13,22 @@ class PuppetDB
     end
 
     def self.client
-      @@client ||= ::PuppetDB::Client.new({
-                                            server: ENV['PUPPETDB_URL'] || @@puppetdb,
-                                            pem: {
-                                              'key' => ENV['PUPPETDB_KEY_FILE'] || Puppet[:hostprivkey],
-                                              'cert' => ENV['PUPPETDB_CERT_FILE'] || Puppet[:hostcert],
-                                              'ca_file' => ENV['PUPPETDB_CACERT_FILE'] || Puppet[:localcacert],
-                                            },
-                                          }, 4)
+      options = {
+        server: ENV['PUPPETDB_URL'] || @@puppetdb
+      }
+
+      if ENV['PE_TOKEN']
+        options[:token] = ENV['PE_TOKEN']
+        options[:cacert] = ENV['PUPPETDB_CACERT_FILE'] || Puppet[:localcacert]
+      else
+        options[:pem] = {
+          'key' => ENV['PUPPETDB_KEY_FILE'] || Puppet[:hostprivkey],
+          'cert' => ENV['PUPPETDB_CERT_FILE'] || Puppet[:hostcert],
+          'ca_file' => ENV['PUPPETDB_CACERT_FILE'] || Puppet[:localcacert],
+        }
+      end
+
+      @@client ||= ::PuppetDB::Client.new(options, 4)
     end
 
     def client