diff --git a/Readme.md b/Readme.md
index 7778b6b..88a0c16 100644
--- a/Readme.md
+++ b/Readme.md
@@ -381,6 +381,7 @@ registry:
 --registry.https-insecure Set https connection to registry insecure [$RA_REGISTRY_HTTPS_INSECURE]
 --registry.service: A service name which defined in registry settings [$RA_REGISTRY_SERVICE]
 --registry.issuer: A token issuer name which defined in registry settings [$RA_REGISTRY_ISSUER]
+ --registry.token-ttl: Define registry auth token TTL (in seconds). Default value 60 seconds. [$RA_REGISTRY_TOKEN_TTL]
 --registry.gc-interval: Use for define custom time interval for garbage collector execute (minutes), default 1 hours [$RA_REGISTRY_GC_INTERVAL]
 
 certs:
diff --git a/app/cmd/cmd.go b/app/cmd/cmd.go
index 4fcc22d..0ce5f14 100644
--- a/app/cmd/cmd.go
+++ b/app/cmd/cmd.go
@@ -201,6 +201,7 @@ func createRegistryConnection(opts RegistryGroup) (*registry.Registry, error) {
 registrySettings.Service = opts.Service
 registrySettings.Issuer = opts.Issuer
 registrySettings.AuthType = registry.SelfToken
+ registrySettings.TokenTTL = opts.TokenTTL
 default:
 return nil, errors.Errorf("registry auth type '%s' not support", opts.AuthType)
 }
diff --git a/app/cmd/cmd_test.go b/app/cmd/cmd_test.go
index be117b0..f8fa174 100644
--- a/app/cmd/cmd_test.go
+++ b/app/cmd/cmd_test.go
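Review bot: `opts.TokenTTL` is copied into `registrySettings.TokenTTL` with no range check, so a negative value supplied via `--registry.token-ttl` or `$RA_REGISTRY_TOKEN_TTL` reaches the token issuer unchanged; the NewRegistry hunk in app/registry/registry.go substitutes the default only when the value is exactly 0. Rejecting it at this layer matches the error style already used in the `default:` branch: `if opts.TokenTTL < 0 { return nil, errors.Errorf("registry token ttl must not be negative: %d", opts.TokenTTL) }` placed before the assignment. A negative expiry presumably yields tokens that are already expired, while an arbitrarily large one undermines the point of short-lived auth tokens, so an upper bound is worth considering as well. createRegistryConnection starts and ends outside this hunk.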
@@ -162,7 +162,7 @@ func Test_createRegistryConnection(t *testing.T) {
 PublicKey string
 CARoot string
 FQDNs []string `long:"fqdn" env:"FQDN" env-delim:"," description:"FQDN(s) for registry certificates" json:"fqdns" yaml:"fqdns"`
- IP string `long:"ip" env:"IP" description:"Address which appends to certificate SAN (Subject Alternative Name)" json:"ip"`
+ IP string `long:"ip" env:"IP" description:"Address which appends to certificate SAN (Subject Alternative Name)" json:"ip" yaml:"ip"`
 HTTPSCert string `long:"https-cert" env:"CERT_HTTPS" description:"A path to HTTPS certificate used for TLS access to registry instance" json:"https_cert" yaml:"https_cert"`
 }{Path: tmpDir + "/", Key: tmpDir + "/test.key", PublicKey: tmpDir + "/test.pub", CARoot: tmpDir + "/test.crt"}),
 },
diff --git a/app/cmd/options.go b/app/cmd/options.go
index a62a118..fb2fdb3 100644
--- a/app/cmd/options.go
+++ b/app/cmd/options.go
@@ -85,6 +85,7 @@ type RegistryGroup struct {
 InsecureConnection bool `long:"https-insecure" env:"HTTPS_INSECURE" description:"Set https connection to registry insecure" json:"https_insecure" yaml:"https_insecure"`
 Service string `long:"service" env:"SERVICE" description:"A service name which defined in registry settings" json:"service" yaml:"service"`
 Issuer string `long:"issuer" env:"ISSUER" description:"A token issuer name which defined in registry settings" json:"issuer" yaml:"issuer"`
+ TokenTTL int64 `long:"token-ttl" env:"TOKEN_TTL" description:"Define registry auth token TTL (in second). Default value 60 seconds." json:"token_ttl" yaml:"token_ttl"`
 GarbageCollectorInterval int64 `long:"gc-interval" env:"GC_INTERVAL" description:"Use for define custom time interval for garbage collector execute (minutes), default 1 hours" json:"gc_interval" yaml:"gc_interval"`
 Certs struct {
 Path string `long:"path" env:"CERT_PATH" description:"A path to directory where will be stored new self-signed cert,keys and CA files, when 'token' auth type is used" json:"path" yaml:"path"`
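Review bot: The new `TokenTTL` field's description reads "(in second)" while the README entry added in the same commit reads "(in seconds)"; since the description is what users see in the help output, align it, e.g. `description:"Registry auth token TTL in seconds (default 60)"`. The "Default value 60 seconds" claim is not expressed by the tag itself but comes from NewRegistry substituting a constant when the value is 0, so if the flag parser in use supports a `default` tag, declaring it here would keep the help text, the parsed value and the documented behaviour in one place — verify against the flag library before relying on that. The RegistryGroup struct continues past this hunk.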
@@ -94,7 +95,7 @@ type RegistryGroup struct {
 FQDNs []string `long:"fqdn" env:"FQDN" env-delim:"," description:"FQDN(s) for registry certificates" json:"fqdns" yaml:"fqdns"`
 IP string `long:"ip" env:"IP" description:"Address which appends to certificate SAN (Subject Alternative Name)" json:"ip" yaml:"ip"`
 HTTPSCert string `long:"https-cert" env:"CERT_HTTPS" description:"A path to HTTPS certificate used for TLS access to registry instance" json:"https_cert" yaml:"https_cert"`
- } `group:"certs" namespace:"certs" env-namespace:"CERTS" json:"certs"`
+ } `group:"certs" namespace:"certs" env-namespace:"CERTS" json:"certs" yaml:"certs"`
 }
 
 // ParseArgs calls flag parser for passing set of extra options defined for all commands
diff --git a/app/registry/registry.go b/app/registry/registry.go
index f97465c..8ec6f8f 100644
--- a/app/registry/registry.go
+++ b/app/registry/registry.go
@@ -79,6 +79,9 @@ type Settings struct {
 // The name of the token issuer which hosts the resource.
 Issuer string
 
+ // Override default token expiration time (in seconds), default 60 seconds
+ TokenTTL int64
+
 // CertificatesPaths define a path to private, public keys and CA certificate.
 // If CertificatesPaths has all fields are empty, AccessToken will create keys by default, with default path.
 // If CertificatesPaths has all fields are empty, but certificates files exist AccessToken try to load existed keys and CA file.
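Review bot: The comment on the new `Settings.TokenTTL` field does not state what a zero value means, which is exactly the behaviour NewRegistry relies on in the following hunk, and it does not follow the Go doc convention of starting with the field name as the neighbouring `CertificatesPaths` comment does. Suggest `// TokenTTL overrides the auth token expiration time in seconds; 0 selects defaultTokenExpiration (60 seconds).` The literal "60 seconds" is repeated here, in the flag description and in the README, so naming the constant in the comment keeps the docs tied to the value that actually applies. The Settings struct continues past this hunk.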
@@ -202,14 +205,17 @@ func NewRegistry(login, password string, settings Settings) (*Registry, error) {
 if r.settings.AuthType == SelfToken {
+ if settings.TokenTTL == 0 {
+ settings.TokenTTL = defaultTokenExpiration
+ }
 r.htpasswd = nil // not needed for token auth
 var err error
 if certsPathIsFilled {
- if r.registryToken, err = NewRegistryToken(TokenIssuer(settings.Issuer), CertsName(settings.CertificatesPaths)); err != nil {
+ if r.registryToken, err = NewRegistryToken(TokenIssuer(settings.Issuer), CertsName(settings.CertificatesPaths), TokenExpiration(settings.TokenTTL)); err != nil {
 return nil, err
 }
 } else {
- r.registryToken, err = NewRegistryToken(TokenIssuer(settings.Issuer))
+ r.registryToken, err = NewRegistryToken(TokenIssuer(settings.Issuer), TokenExpiration(settings.TokenTTL))
 if err != nil {
 return nil, err
 }