diff --git a/command/login.go b/command/login.go
index ae8d2fe7083a..b6603e855a59 100644
--- a/command/login.go
+++ b/command/login.go
@@ -25,6 +25,7 @@ type LoginCommand struct {
 	flagMethod    string
 	flagPath      string
 	flagNoStore   bool
+	flagNoPrint   bool
 	flagTokenOnly bool
 
 	// Deprecations
@@ -114,6 +115,14 @@ func (c *LoginCommand) Flags() *FlagSets {
 			"The token will only be displayed in the command output.",
 	})
 
+	f.BoolVar(&BoolVar{
+		Name:    "no-print",
+		Target:  &c.flagNoPrint,
+		Default: false,
+		Usage: "Do not display the token. The token will be still be stored to the " +
+			"configured token helper.",
+	})
+
 	f.BoolVar(&BoolVar{
 		Name:    "token-only",
 		Target:  &c.flagTokenOnly,
@@ -192,6 +201,12 @@ func (c *LoginCommand) Run(args []string) int {
 		c.flagField = "token"
 	}
 
+	if c.flagNoStore && c.flagNoPrint {
+		c.UI.Error(wrapAtLength(
+			"-no-store and -no-print cannot be used together"))
+		return 1
+	}
+
 	// Get the auth method
 	authMethod := sanitizePath(c.flagMethod)
 	if authMethod == "" {
@@ -329,6 +344,10 @@ func (c *LoginCommand) Run(args []string) int {
 				"Vault.") + "\n")
 	}
 
+	if c.flagNoPrint {
+		return 0
+	}
+
 	// If the user requested a particular field, print that out now since we
 	// are likely piping to another process.
 	if c.flagField != "" {