diff --git a/.config/s3.config.php b/.config/s3.config.php
index a17e4037..40379fe6 100644
--- a/.config/s3.config.php
+++ b/.config/s3.config.php
@@ -40,6 +40,14 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['secret'] = '';
   }
 
+  if (getenv('OBJECTSTORE_S3_SESSION_TOKEN_FILE')) {
+    $CONFIG['objectstore']['arguments']['session_token'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SESSION_TOKEN_FILE')));
+  } elseif (getenv('OBJECTSTORE_S3_SESSION_TOKEN')) {
+    $CONFIG['objectstore']['arguments']['session_token'] = getenv('OBJECTSTORE_S3_SESSION_TOKEN');
+  } else {
+    $CONFIG['objectstore']['arguments']['session_token'] = '';
+  }
+
   if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
   } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
diff --git a/README.md b/README.md
index 7de62124..e5853303 100644
--- a/README.md
+++ b/README.md
@@ -282,6 +282,7 @@ To use an external S3 compatible object store as primary storage, set the follow
 - `OBJECTSTORE_S3_PORT`: The port that the object storage server is being served over
 - `OBJECTSTORE_S3_KEY`: AWS style access key
 - `OBJECTSTORE_S3_SECRET`: AWS style secret access key
+- `OBJECTSTORE_S3_SESSION_TOKEN`: AWS style session token for STS auth workflows
 - `OBJECTSTORE_S3_STORAGE_CLASS`: The storage class to use when adding objects to the bucket
 - `OBJECTSTORE_S3_SSL` (default: `true`): Whether or not SSL/TLS should be used to communicate with object storage server
 - `OBJECTSTORE_S3_USEPATH_STYLE` (default: `false`): Not required for AWS S3