diff --git a/scripts/arcanist.php b/scripts/arcanist.php
--- a/scripts/arcanist.php
+++ b/scripts/arcanist.php
@@ -204,9 +204,6 @@
   if ($force_conduit_version) {
     $workflow->forceConduitVersion($force_conduit_version);
   }
-  if ($force_token) {
-    $workflow->forceConduitToken($force_token);
-  }
   if ($conduit_timeout) {
     $workflow->setConduitTimeout($conduit_timeout);
   }
@@ -316,6 +313,9 @@
   $user_name = idx($host_config, 'user');
   $certificate = idx($host_config, 'cert');
   $conduit_token = idx($host_config, 'token');
+  if ($force_token) {
+    $conduit_token = $force_token;
+  }
 
   $description = implode(' ', $original_argv);
   $credentials = array(
diff --git a/src/workflow/ArcanistWorkflow.php b/src/workflow/ArcanistWorkflow.php
--- a/src/workflow/ArcanistWorkflow.php
+++ b/src/workflow/ArcanistWorkflow.php
@@ -48,7 +48,6 @@
   private $conduitCredentials;
   private $conduitAuthenticated;
   private $forcedConduitVersion;
-  private $forcedConduitToken;
   private $conduitTimeout;
 
   private $userPHID;
@@ -253,21 +252,6 @@
 
 
   /**
-   * Force use of a specific API token.
-   *
-   * Controlled by the --conduit-token flag.
-   *
-   * @param string API token to use.
-   * @return this
-   * @task conduit
-   */
-  final public function forceConduitToken($token) {
-    $this->forcedConduitToken = $token;
-    return $this;
-  }
-
-
-  /**
    * Get the protocol version the client should identify with.
    *
    * @return int Version the client should claim to be.
@@ -341,13 +325,7 @@
       // If we have `token`, this server supports the simpler, new-style
       // token-based authentication. Use that instead of all the certificate
       // stuff.
-      $token = null;
-      if (isset($credentials['token'])) {
-        $token = $credentials['token'];
-      }
-      if ($this->forcedConduitToken) {
-        $token = $this->forcedConduitToken;
-      }
+      $token = idx($credentials, 'token');
       if (strlen($token)) {
         $conduit = $this->getConduit();