diff --git a/website/source/docs/commands/environment.html.md b/website/source/docs/commands/environment.html.md
new file mode 100644
index 0000000000..f93c671603
--- /dev/null
+++ b/website/source/docs/commands/environment.html.md
@@ -0,0 +1,50 @@
+---
+layout: "docs"
+page_title: "Environment"
+sidebar_current: "docs-commands-environment"
+description: |-
+  Vault's behavior can be modified by certain environment variables.
+---
+
+# Environment variables
+
+The Vault CLI will read the following environment variables to set
+behavioral defaults.  These can be overridden in all cases using
+command-line arguments; see the command-line help for details.
+
+The following table describes them:
+
+<table>
+  <tr>
+    <th>Variable name</th>
+    <th>Value</th>
+  </tr>
+  <tr>
+    <td><tt>VAULT_TOKEN</tt></td>
+    <td>The Vault authentication token.  If not specified, the token located in <tt>$HOME/.vault-token<tt> will be used if it exists.</td>
+  </tr>
+  <tr>
+    <td><tt>VAULT_ADDR</tt></td>
+    <td>The address of the Vault server.</td>
+  </tr>
+  <tr>
+    <td><tt>VAULT_CACERT</tt></td>
+    <td>Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.</td>
+  </tr>
+  <tr>
+    <td><tt>VAULT_CAPATH</tt></td>
+    <td>Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate.  If <tt>VAULT_CACERT</tt> is specified, its value will take precedence.</td>
+  </tr>
+  <tr>
+    <td><tt>VAULT_CLIENT_CERT</tt></td>
+    <td>Path to a PEM-encoded client certificate for TLS authentication to the Vault server.</td>
+  </tr>
+  <tr>
+    <td><tt>VAULT_CLIENT_KEY</tt></td>
+    <td>Path to an unencrypted PEM-encoded private key matching the client certificate.</td>
+  </tr>
+  <tr>
+    <td><tt>VAULT_SKIP_VERIFY</tt></td>
+    <td>If set, do not verify Vault's presented certificate before communicating with it.  Setting this variable is not recommended except during testing.</td>
+  </tr>
+</table>
diff --git a/website/source/layouts/docs.erb b/website/source/layouts/docs.erb
index 62c7c64286..ce343b65f4 100644
--- a/website/source/layouts/docs.erb
+++ b/website/source/layouts/docs.erb
@@ -86,6 +86,9 @@
 						<li<%= sidebar_current("docs-commands-readwrite") %>>
 							<a href="/docs/commands/read-write.html">Reading and Writing Data</a>
 						</li>
+						<li<%= sidebar_current("docs-commands-environment") %>>
+							<a href="/docs/commands/environment.html">Environment Variables</a>
+						</li>
 					</ul>
 				</li>
 

Variable name	Value
`VAULT_TOKEN`	The Vault authentication token. If not specified, the token located in `$HOME/.vault-token will be used if it exists.`
`VAULT_ADDR`	The address of the Vault server.
`VAULT_CACERT`	Path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
`VAULT_CAPATH`	Path to a directory of PEM-encoded CA cert files to verify the Vault server SSL certificate. If `VAULT_CACERT` is specified, its value will take precedence.
`VAULT_CLIENT_CERT`	Path to a PEM-encoded client certificate for TLS authentication to the Vault server.
`VAULT_CLIENT_KEY`	Path to an unencrypted PEM-encoded private key matching the client certificate.
`VAULT_SKIP_VERIFY`	If set, do not verify Vault's presented certificate before communicating with it. Setting this variable is not recommended except during testing.