diff --git a/confidant_client/__init__.py b/confidant_client/__init__.py
index 543183c..69c76f4 100644
--- a/confidant_client/__init__.py
+++ b/confidant_client/__init__.py
@@ -50,7 +50,8 @@ def __init__(
             retries=None,
             backoff=None,
             config_files=None,
-            profile=None
+            profile=None,
+            kms_endpoint_url=None
             ):
         """Create a ConfidantClient object.
 
@@ -78,6 +79,8 @@ def __init__(
             configuration from. First file found will be used. Default:
                 ['~/.confidant', '/etc/confidant/config']
             profile: profile to read config values from.
+            kms_endpoint_url: A URL to override the default endpoint used to
+                access the KMS service. Default: None
         """
         # Set defaults
         self.config = {
@@ -90,7 +93,8 @@ def __init__(
             'assume_role': None,
             'region': None,
             'retries': 0,
-            'backoff': 1
+            'backoff': 1,
+            'kms_endpoint_url': None
         }
         if config_files is None:
             config_files = ['~/.confidant', '/etc/confidant/config']
@@ -108,7 +112,8 @@ def __init__(
             'token_cache_file': token_cache_file,
             'region': region,
             'backoff': backoff,
-            'assume_role': assume_role
+            'assume_role': assume_role,
+            'kms_endpoint_url': kms_endpoint_url
         }
         for key, val in args_config.iteritems():
             if val is not None:
@@ -157,7 +162,8 @@ def __init__(
                 token_version=self.config['token_version'],
                 token_cache_file=self.config['token_cache_file'],
                 token_lifetime=self.config['token_lifetime'],
-                aws_creds=self.aws_creds
+                aws_creds=self.aws_creds,
+                endpoint_url=self.config['kms_endpoint_url']
             )
         except kmsauth.ConfigurationError:
             raise ClientConfigurationError('Error configuring kmsauth client.')
diff --git a/confidant_client/cli.py b/confidant_client/cli.py
index 954c0ba..beff580 100644
--- a/confidant_client/cli.py
+++ b/confidant_client/cli.py
@@ -43,7 +43,8 @@ def _get_client_from_args(args):
         region=args.region,
         retries=args.retries,
         config_files=config_files,
-        profile=args.profile
+        profile=args.profile,
+        kms_endpoint_url=args.kms_endpoint_url
     )
     return client
 
@@ -133,6 +134,10 @@ def _parse_args():
         '--region',
         help='Use the specified region for authentication.'
     )
+    parser.add_argument(
+        '--kms-endpoint-url',
+        help='Use a different endpoint url for the KMS service.'
+    )
     parser.add_argument(
         '--log-level',
         help='Logging verbosity.',