diff --git a/confluent_server/confluent/config/attributes.py b/confluent_server/confluent/config/attributes.py
index 52cc43ee..48062153 100644
--- a/confluent_server/confluent/config/attributes.py
+++ b/confluent_server/confluent/config/attributes.py
@@ -101,10 +101,10 @@ node = {
 'description': ('Crypt of api key for self api requests by node'),
 },
 'api.armed': {
- 'description': ('Indicates whether an insecure api key request is allowed. '
- 'The format is an expiration time in ISO8601 format. When '
- 'the indicated time passes or the first time a node claims '
- 'the key, key grants will not be allowed.'),
+ 'description': ('Indicates whether the node authentication token interface '
+ 'is armed. If set to once, it will grant only the next '
+ 'request. If set to continuous, will allow many requests.'
+ 'Should not be set unless an OS deployment is pending.'),
 },
 #'id': {
 # 'description': ('Numeric identifier for node')
diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py
index 9f7d5f14..3017fd61 100644
--- a/confluent_server/confluent/credserver.py
+++ b/confluent_server/confluent/credserver.py
@@ -39,7 +39,7 @@ class CredServer(object):
 client.close()
 continue
 self.gpool.spawn_n(self.handle_client, client)
-
+
 def handle_client(self, client):
 client.send('\xc2\xd1-\xa8\x80\xd8j\xba')
 tlv = bytearray(client.recv(2))
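Review bot: The new `api.armed` description documents the value `once`, but the check added to credserver.py in this same commit accepts `'armed'` and `'continuous'`, so an operator who follows the description and sets `once` would, as far as the visible code shows, land in the timestamp-parsing branch instead of getting a single grant. The description and the handler should agree on one spelling, for example `'is armed. If set to armed, it will grant only the next '`, or the handler should accept `once`. The adjacent literals `'... will allow many requests.'` and `'Should not be set ...'` are concatenated without a separating space, so the rendered help reads "requests.Should"; the first literal needs a trailing space. The ISO8601 expiry form is still honoured by the handler but is no longer mentioned here, which is worth one sentence if it stays supported.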
@@ -53,12 +53,13 @@ class CredServer(object):
 if not apiarmed:
 client.close()
 return
- now = datetime.datetime.utcnow()
- expiry = datetime.datetime.strptime(apiarmed, "%Y-%m-%dT%H:%M:%SZ")
- if now > expiry:
- self.cfm.set_node_attributes({nodename: {'api.armed': ''}})
- client.close()
- return
+ if apiarmed not in ('armed', 'continuous'):
+ now = datetime.datetime.utcnow()
+ expiry = datetime.datetime.strptime(apiarmed, "%Y-%m-%dT%H:%M:%SZ")
+ if now > expiry:
+ self.cfm.set_node_attributes({nodename: {'api.armed': ''}})
+ client.close()
+ return
 client.send(b'\x02\x20')
 rttoken = os.urandom(32)
 client.send(rttoken)
@@ -76,9 +77,10 @@ class CredServer(object):
 client.close()
 return
 echotoken = client.recv(tlv[1])
- self.cfm.set_node_attributes({nodename: {'api.key': echotoken, 'api.armed': ''}})
+ if apiarmed != 'continuous':
+ self.cfm.set_node_attributes({nodename: {'api.key': echotoken, 'api.armed': ''}})
 client.recv(2) # drain end of message
- client.send('\x05\x00') # report success
+ client.send('\x05\x00') # report success
 client.close()
 if __name__ == '__main__':
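Review bot: Any `api.armed` value other than `armed`, `continuous` or a well-formed timestamp reaches `strptime` in the new `if apiarmed not in ('armed', 'continuous'):` branch and raises `ValueError`, so the handler leaves through an exception without the explicit `client.close()` that the other refusal paths perform. That includes `once`, the value the attribute description changed in this commit tells operators to use. An unrecognised value should be treated as not armed: catch the parse failure, close the client and return. handle_client starts and ends outside this hunk.

```python
if apiarmed not in ('armed', 'continuous'):
    # legacy form: ISO8601 expiry; anything unparsable is treated as not armed
    try:
        expiry = datetime.datetime.strptime(apiarmed, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        client.close()
        return
    # … unchanged: compare with utcnow(), clear api.armed and close when expired …
```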
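Review bot: The new `if apiarmed != 'continuous':` guard wraps the whole `set_node_attributes` call, so in continuous mode the echoed token is never written to `api.key` even though the client is still sent the success reply `'\x05\x00'`. Only the disarm should be conditional: always store the key, and clear `api.armed` only outside continuous mode. `apiarmed` is read earlier in handle_client, outside this hunk, so two overlapping requests in single-grant mode could presumably both pass the check before either clears it; re-reading the attribute just before the write would narrow that window. Because continuous mode never disarms itself, a log entry per grant would let operators notice a key being replaced unexpectedly.

```python
echotoken = client.recv(tlv[1])
cfgupdate = {nodename: {'api.key': echotoken}}
if apiarmed != 'continuous':
    # single-grant mode: disarm in the same write that stores the key
    cfgupdate[nodename]['api.armed'] = ''
self.cfm.set_node_attributes(cfgupdate)
# … unchanged: drain end of message, report success, close …
```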