diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index 49cd9e16..e1f1faa8 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -2261,6 +2261,13 @@ int crypt_token_register(const crypt_token_handler *handler);
  */
 int crypt_token_external_support(void);
 
+/**
+ * Report configured path where library searches for external token handlers
+ *
+ * @return @e absolute path when external tokens are enabled or @e NULL otherwise.
+ */
+const char *crypt_token_external_path(void);
+
 /**
  * Disable external token handlers (plugins) support
  * If disabled, it cannot be enabled again.
diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym
index 76eda403..146bcf93 100644
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -144,4 +144,5 @@ CRYPTSETUP_2.4 {
 		crypt_format;
 		crypt_token_external_support;
 		crypt_token_external_disable;
+		crypt_token_external_path;
 } CRYPTSETUP_2.0;
diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c
index 583883b3..efdd785b 100644
--- a/lib/luks2/luks2_token.c
+++ b/lib/luks2/luks2_token.c
@@ -54,6 +54,11 @@ int crypt_token_external_support(void)
 	return external_tokens_enabled ? 0 : -ENOTSUP;
 }
 
+const char *crypt_token_external_path(void)
+{
+	return external_tokens_enabled ? EXTERNAL_LUKS2_TOKENS_PATH : NULL;
+}
+
 #if USE_EXTERNAL_TOKENS
 static void *token_dlvsym(struct crypt_device *cd,
 		void *handle,
@@ -147,7 +152,7 @@ crypt_token_load_external(struct crypt_device *cd, const char *name, struct cryp
 
 	token = &ret->u.v2;
 
-	r = snprintf(buf, sizeof(buf), "%s/libcryptsetup-token-%s.so", EXTERNAL_LUKS2_TOKENS_PATH, name);
+	r = snprintf(buf, sizeof(buf), "%s/libcryptsetup-token-%s.so", crypt_token_external_path(), name);
 	if (r < 0 || (size_t)r >= sizeof(buf))
 		return -EINVAL;