diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2062c25..af1e707 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ This document outlines major changes between releases.
 - Add new `kludge.use_default_xmlns_for_complete_multipart` config param (TrueCloudLab#40)
 - Support dump metrics descriptions (#80)
 - Support impersonate bearer token (#81)
+- Return bearer token in `s3-authmate obtain-secret` result (#132)
 
 ### Changed
 - Remove object from tree and reset its cache on object deletion when it is already removed from storage (#78)
diff --git a/authmate/authmate.go b/authmate/authmate.go
index ca0633d..451b027 100644
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@@ -137,7 +137,7 @@ type (
 	}
 
 	obtainingResult struct {
-		BearerToken     *bearer.Token `json:"-"`
+		BearerToken     *bearer.Token `json:"bearer_token"`
 		SecretAccessKey string        `json:"secret_access_key"`
 	}
 )
diff --git a/docs/authmate.md b/docs/authmate.md
index 42dc994..94c3921 100644
--- a/docs/authmate.md
+++ b/docs/authmate.md
@@ -24,7 +24,7 @@ potentially).
    2. [Bearer tokens](#bearer-tokens)
    3. [Session tokens](#session-tokens)
    4. [Containers policy](#containers-policy)
-3. [Obtainment of a secret](#obtainment-of-a-secret-access-key)
+3. [Obtainment of a secret](#obtaining-credential-secrets)
 4. [Generate presigned url](#generate-presigned-url)
 
 ## Generation of wallet
@@ -252,9 +252,9 @@ can be set via parameter `--container-policy` (json-string and file path allowed
 }
 ```
 
-## Obtainment of a secret access key
+## Obtaining credential secrets
 
-You can get a secret access key associated with an access key ID by obtaining a
+You can get a secret access key and bearer token associated with an access key ID by obtaining a
 secret stored on the FrostFS network. Here is an example of providing one password (for `wallet.json`) via env variable
 and the other (for `gate-wallet.json`) interactively:
 
@@ -267,6 +267,25 @@ frostfs-s3-authmate obtain-secret --wallet wallet.json \
 
 Enter password for gate-wallet.json >
 {
+  "bearer_token": {
+    "body": {
+      "eaclTable": null,
+      "ownerID": {
+        "value": "Naq5pfYuroaGE7h9o5iQsPR/1aRe5gmWrg=="
+      },
+      "lifetime": {
+        "exp": "10813",
+        "nbf": "13",
+        "iat": "13"
+      },
+      "allowImpersonate": true
+    },
+    "signature": {
+      "key": "Axpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89K",
+      "signature": "BMIOqcNEwTughI26ivFw7vnGyzhWip8NsgSYTTf21aVkv0AH7bgE9R91gglYgS6tGNVcWZMTisYCJCT3OEQ9lkw=",
+      "scheme": "ECDSA_SHA512"
+    }
+  },
   "secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c"
 }
 ```