diff --git a/Creds.hs b/Creds.hs
index 6be9b33916..de3cd2a063 100644
--- a/Creds.hs
+++ b/Creds.hs
@@ -156,7 +156,7 @@ readCacheCredPair storage = maybe Nothing decodeCredPair
 	<$> readCacheCreds (credPairFile storage)
 
 readCacheCreds :: FilePath -> Annex (Maybe Creds)
-readCacheCreds f = liftIO . catchMaybeIO . readFile =<< cacheCredsFile f
+readCacheCreds f = liftIO . catchMaybeIO . readFileStrict =<< cacheCredsFile f
 
 cacheCredsFile :: FilePath -> Annex FilePath
 cacheCredsFile basefile = do
diff --git a/P2P/Auth.hs b/P2P/Auth.hs
new file mode 100644
index 0000000000..5c3feb7132
--- /dev/null
+++ b/P2P/Auth.hs
@@ -0,0 +1,30 @@
+{- P2P protocol, authorization
+ -
+ - Copyright 2016 Joey Hess <id@joeyh.name>
+ -
+ - Licensed under the GNU GPL version 3 or higher.
+ -}
+
+module P2P.Auth where
+
+import Common
+import Utility.AuthToken
+
+import qualified Data.Text as T
+
+-- Use .git/annex/creds/p2p to hold AuthTokens of authorized peers.
+getAuthTokens :: Annex AllowedAuthTokens
+getAuthTokens = allowedAuthTokens <$> getAuthTokens'
+
+getAuthTokens' :: Annex [AuthTokens]
+getAuthTokens' = mapMaybe toAuthToken
+	. map T.pack
+	. lines
+	. fromMaybe []
+	<$> readCacheCreds "tor"
+
+addAuthToken :: AuthToken -> Annex ()
+addAuthToken t = do
+	ts <- getAuthTokens'
+	let d = unlines $ map (T.unpack . fromAuthToken) (t:ts)
+	writeCacheCreds d "tor"
diff --git a/git-annex.cabal b/git-annex.cabal
index fd8ce9ce23..bd8c36063f 100644
--- a/git-annex.cabal
+++ b/git-annex.cabal
@@ -904,6 +904,7 @@ Executable git-annex
     Messages.Internal
     Messages.JSON
     Messages.Progress
+    P2P.Auth
     P2P.IO
     P2P.Protocol
     Remote