diff --git a/README.md b/README.md
index eb6d13b..ad37b7a 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,7 @@ Flags:
   -H, --hostname stringArray   URL of an Elasticsearch instance. Can be used multiple times. (default [http://localhost:9200])
   -U, --username string        Username for HTTP Basic Authentication (CHECK_ELASTICSEARCH_USERNAME)
   -P, --password string        Password for HTTP Basic Authentication (CHECK_ELASTICSEARCH_PASSWORD)
+  -b, --bearer string          Specify the Bearer Token for authentication (CHECK_ELASTICSEARCH_BEARER)
       --insecure               Skip the verification of the server's TLS certificate
       --ca-file string         Specify the CA File for TLS authentication (CHECK_ELASTICSEARCH_CA_FILE)
       --cert-file string       Specify the Certificate File for TLS authentication (CHECK_ELASTICSEARCH_CERT_FILE)
diff --git a/cmd/config.go b/cmd/config.go
index 5491e54..37ac988 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -16,7 +16,7 @@ import (
 
 type Config struct {
 	Hostname []string
-	Bearer   string // Currently unused in CLI
+	Bearer   string `env:"CHECK_ELASTICSEARCH_BEARER"`
 	CAFile   string `env:"CHECK_ELASTICSEARCH_CA_FILE"`
 	CertFile string `env:"CHECK_ELASTICSEARCH_CERT_FILE"`
 	KeyFile  string `env:"CHECK_ELASTICSEARCH_KEY_FILE"`
diff --git a/cmd/health_test.go b/cmd/health_test.go
index 8f6c63d..bac6afa 100644
--- a/cmd/health_test.go
+++ b/cmd/health_test.go
@@ -49,6 +49,23 @@ func TestHealthCmd(t *testing.T) {
 			args:     []string{"run", "../main.go", "health", "--username", "username", "--password", "password"},
 			expected: "[OK] - Cluster test is green | nodes=1 data_nodes=1 active_primary_shards=3 active_shards=3\n",
 		},
+		{
+			name: "health-bearer-ok",
+			server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				token := r.Header.Get("Authorization")
+				if token == "Bearer secret" {
+					// Just for testing, this is now how to handle tokens properly
+					w.Header().Set("X-Elastic-Product", "Elasticsearch")
+					w.WriteHeader(http.StatusOK)
+					w.Write([]byte(`{"cluster_name":"test","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"active_primary_shards":3,"active_shards":3,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}`))
+					return
+				}
+				w.WriteHeader(http.StatusUnauthorized)
+				w.Write([]byte(`The Authorization header wasn't set`))
+			})),
+			args:     []string{"run", "../main.go", "--bearer", "secret", "health"},
+			expected: "[OK] - Cluster test is green | nodes=1 data_nodes=1 active_primary_shards=3 active_shards=3\n",
+		},
 		{
 			name: "health-invalid",
 			server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
diff --git a/cmd/root.go b/cmd/root.go
index 9f94033..21531f8 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -47,6 +47,8 @@ func init() {
 		"Username for HTTP Basic Authentication (CHECK_ELASTICSEARCH_USERNAME)")
 	pfs.StringVarP(&cliConfig.Password, "password", "P", "",
 		"Password for HTTP Basic Authentication (CHECK_ELASTICSEARCH_PASSWORD)")
+	pfs.StringVarP(&cliConfig.Bearer, "bearer", "b", "",
+		"Specify the Bearer Token for authentication (CHECK_ELASTICSEARCH_BEARER)")
 	pfs.BoolVar(&cliConfig.Insecure, "insecure", false,
 		"Skip the verification of the server's TLS certificate")
 	pfs.StringVarP(&cliConfig.CAFile, "ca-file", "", "",