diff --git a/cmd/lotus-storage-miner/auth.go b/cmd/lotus-storage-miner/auth.go
new file mode 100644
index 000000000..757833970
--- /dev/null
+++ b/cmd/lotus-storage-miner/auth.go
@@ -0,0 +1,67 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+
+	"gopkg.in/urfave/cli.v2"
+
+	"github.com/filecoin-project/lotus/api/apistruct"
+	lcli "github.com/filecoin-project/lotus/cli"
+)
+
+var authCmd = &cli.Command{
+	Name:  "auth",
+	Usage: "Manage RPC permissions",
+	Subcommands: []*cli.Command{
+		authCreateAdminToken,
+	},
+}
+
+var authCreateAdminToken = &cli.Command{
+	Name:  "create-token",
+	Usage: "Create token",
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:  "perm",
+			Usage: "permission to assign to the token, one of: read, write, sign, admin",
+		},
+	},
+
+	Action: func(cctx *cli.Context) error {
+		napi, closer, err := lcli.GetStorageMinerAPI(cctx)
+		if err != nil {
+			return err
+		}
+		defer closer()
+
+		ctx := lcli.ReqContext(cctx)
+
+		if !cctx.IsSet("perm") {
+			return errors.New("--perm flag not set")
+		}
+
+		perm := cctx.String("perm")
+		idx := 0
+		for i, p := range apistruct.AllPermissions {
+			if perm == p {
+				idx = i + 1
+			}
+		}
+
+		if idx == 0 {
+			return fmt.Errorf("--perm flag has to be one of: %s", apistruct.AllPermissions)
+		}
+
+		// slice on [:idx] so for example: 'sign' gives you [read, write, sign]
+		token, err := napi.AuthNew(ctx, apistruct.AllPermissions[:idx])
+		if err != nil {
+			return err
+		}
+
+		// TODO: Log in audit log when it is implemented
+
+		fmt.Println(string(token))
+		return nil
+	},
+}
diff --git a/cmd/lotus-storage-miner/main.go b/cmd/lotus-storage-miner/main.go
index 00c170703..61eaa796b 100644
--- a/cmd/lotus-storage-miner/main.go
+++ b/cmd/lotus-storage-miner/main.go
@@ -8,7 +8,6 @@ import (
 	"gopkg.in/urfave/cli.v2"
 
 	"github.com/filecoin-project/lotus/build"
-	lcli "github.com/filecoin-project/lotus/cli"
 	"github.com/filecoin-project/lotus/node/repo"
 	"github.com/filecoin-project/lotus/tracing"
 )
@@ -22,6 +21,7 @@ func main() {
 	logging.SetLogLevel("swarm", "WARN")
 
 	local := []*cli.Command{
+		authCmd,
 		runCmd,
 		initCmd,
 		infoCmd,
@@ -67,7 +67,7 @@ func main() {
 			},
 		},
 
-		Commands: append(local, lcli.Commands...),
+		Commands: local,
 	}
 	app.Setup()
 	app.Metadata["repoType"] = repo.StorageMiner