diff --git a/lib/kubeclient/config.rb b/lib/kubeclient/config.rb
index f9aa79ae..57386702 100644
--- a/lib/kubeclient/config.rb
+++ b/lib/kubeclient/config.rb
@@ -173,7 +173,9 @@ def fetch_user_key_data(user)
 
     def fetch_user_auth_options(user)
       options = {}
-      if user.key?('token')
+      if user.key?('tokenFile')
+        options[:bearer_token_file] = user['tokenFile']
+      elsif user.key?('token')
         options[:bearer_token] = user['token']
       elsif user.key?('exec_result') && user['exec_result'].key?('token')
         options[:bearer_token] = user['exec_result']['token']
diff --git a/test/config/userauth.kubeconfig b/test/config/userauth.kubeconfig
index 604e3bda..39c5eddc 100644
--- a/test/config/userauth.kubeconfig
+++ b/test/config/userauth.kubeconfig
@@ -9,6 +9,11 @@ contexts:
     namespace: default
     user: system:admin:token
   name: localhost/system:admin:token
+- context:
+    cluster: localhost:6443
+    namespace: default
+    user: system:admin:token-file
+  name: localhost/system:admin:token-file
 - context:
     cluster: localhost:6443
     namespace: default
@@ -21,6 +26,9 @@ users:
 - name: system:admin:token
   user:
     token: 0123456789ABCDEF0123456789ABCDEF
+- name: system:admin:token-file
+  user:
+    tokenFile: /path/to/secret/token
 - name: system:admin:userpass
   user:
     username: admin
diff --git a/test/test_config.rb b/test/test_config.rb
index a11c29aa..a31452ea 100644
--- a/test/test_config.rb
+++ b/test/test_config.rb
@@ -98,7 +98,9 @@ def test_nouser
   def test_user_token
     config = Kubeclient::Config.read(config_file('userauth.kubeconfig'))
     assert_equal(
-      ['localhost/system:admin:token', 'localhost/system:admin:userpass'],
+      ['localhost/system:admin:token',
+       'localhost/system:admin:token-file',
+       'localhost/system:admin:userpass'],
       config.contexts
     )
     context = config.context('localhost/system:admin:token')
@@ -106,10 +108,25 @@ def test_user_token
     assert_equal('0123456789ABCDEF0123456789ABCDEF', context.auth_options[:bearer_token])
   end
 
+  def test_user_token_file
+    config = Kubeclient::Config.read(config_file('userauth.kubeconfig'))
+    assert_equal(
+      ['localhost/system:admin:token',
+       'localhost/system:admin:token-file',
+       'localhost/system:admin:userpass'],
+      config.contexts
+    )
+    context = config.context('localhost/system:admin:token-file')
+    check_context(context, ssl: true, custom_ca: false, client_cert: false)
+    assert_equal('/path/to/secret/token', context.auth_options[:bearer_token_file])
+  end
+
   def test_user_password
     config = Kubeclient::Config.read(config_file('userauth.kubeconfig'))
     assert_equal(
-      ['localhost/system:admin:token', 'localhost/system:admin:userpass'],
+      ['localhost/system:admin:token',
+       'localhost/system:admin:token-file',
+       'localhost/system:admin:userpass'],
       config.contexts
     )
     context = config.context('localhost/system:admin:userpass')