diff --git a/README.md b/README.md
index 4475429..fcdf8f3 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,8 @@ If your configuration is right and Vault is running on the same host as the agen
 
 `frequency` How often to run the snapshot agent.  Examples: `30s`, `1h`.  See https://golang.org/pkg/time/#ParseDuration for a full list of valid time units.
 
+`timeout` (Optional) Time out when running snapshot. Examples: `300s`, `1h`. Default: `60s`. See https://golang.org/pkg/time/#ParseDuration for a full list of valid time units.
+
 
 ### Default authentication mode
 `role_id` Specifies the role_id used to call the Vault API.  See the authentication steps below.
diff --git a/config/config.go b/config/config.go
index 293ec7a..31dd40f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -14,6 +14,7 @@ type Configuration struct {
 	Address         string      `json:"addr"`
 	Retain          int64       `json:"retain"`
 	Frequency       string      `json:"frequency"`
+	Timeout         string      `json:"timeout,omitempty"`
 	AWS             S3Config    `json:"aws_storage"`
 	Local           LocalConfig `json:"local_storage"`
 	GCP             GCPConfig   `json:"google_storage"`
diff --git a/snapshot_agent/agent.go b/snapshot_agent/agent.go
index 8d6da2b..2a7f3f6 100644
--- a/snapshot_agent/agent.go
+++ b/snapshot_agent/agent.go
@@ -62,6 +62,14 @@ func (s *Snapshotter) ConfigureVaultClient(config *config.Configuration) error {
 	if config.Address != "" {
 		vaultConfig.Address = config.Address
 	}
+
+	if config.Timeout != "" {
+		t, err := time.ParseDuration(config.Timeout)
+		if err == nil {
+			vaultConfig.HttpClient.Timeout = t
+			log.Printf("Vault http client timeout has been set to %s", vaultConfig.HttpClient.Timeout)
+		}
+	}
 	tlsConfig := &vaultApi.TLSConfig{
 		Insecure: true,
 	}