diff --git a/ui/packages/consul-ui/app/routes/application.js b/ui/packages/consul-ui/app/routes/application.js
index dd81c3498..8f4838c95 100644
--- a/ui/packages/consul-ui/app/routes/application.js
+++ b/ui/packages/consul-ui/app/routes/application.js
@@ -16,23 +16,26 @@ export default class ApplicationRoute extends Route.extend(WithBlockingActions)
   async model() {
     if (this.env.var('CONSUL_ACLS_ENABLED')) {
       const secret = this.env.var('CONSUL_HTTP_TOKEN');
-      const existing = await this.settings.findBySlug('token');
-      if (!existing.AccessorID && secret) {
-        try {
-          const token = await this.tokenRepo.self({
-            secret: secret,
-            dc: this.env.var('CONSUL_DATACENTER_LOCAL'),
-          });
-          await this.settings.persist({
-            token: {
-              AccessorID: token.AccessorID,
-              SecretID: token.SecretID,
-              Namespace: token.Namespace,
-              Partition: token.Partition,
-            },
-          });
-        } catch (e) {
-          runInDebug((_) => console.error(e));
+      if (secret) {
+        const existing = await this.settings.findBySlug('token');
+
+        if (secret && secret !== existing.SecretID) {
+          try {
+            const token = await this.tokenRepo.self({
+              secret: secret,
+              dc: this.env.var('CONSUL_DATACENTER_LOCAL'),
+            });
+            await this.settings.persist({
+              token: {
+                AccessorID: token.AccessorID,
+                SecretID: token.SecretID,
+                Namespace: token.Namespace,
+                Partition: token.Partition,
+              },
+            });
+          } catch (e) {
+            runInDebug((_) => console.error(e));
+          }
         }
       }
     }