diff --git a/cli/packages/util/folders.go b/cli/packages/util/folders.go
index 0f837ee71a..bccf11dbc7 100644
--- a/cli/packages/util/folders.go
+++ b/cli/packages/util/folders.go
@@ -19,7 +19,7 @@ func GetAllFolders(params models.GetAllFoldersParameters) ([]models.SingleFolder
 var foldersToReturn []models.SingleFolder
 var folderErr error
- if params.InfisicalToken == "" {
+ if params.InfisicalToken == "" && params.UniversalAuthAccessToken == "" {
 log.Debug().Msg("GetAllFolders: Trying to fetch folders using logged in details")
@@ -44,11 +44,21 @@ func GetAllFolders(params models.GetAllFoldersParameters) ([]models.SingleFolder
 folders, err := GetFoldersViaJTW(loggedInUserDetails.UserCredentials.JTWToken, workspaceFile.WorkspaceId, params.Environment, params.FoldersPath)
 folderErr = err
 foldersToReturn = folders
- } else {
+ } else if params.InfisicalToken != "" {
 // get folders via service token
 folders, err := GetFoldersViaServiceToken(params.InfisicalToken, params.WorkspaceId, params.Environment, params.FoldersPath)
 folderErr = err
 foldersToReturn = folders
+ } else if params.UniversalAuthAccessToken != "" {
+
+ if params.WorkspaceId == "" {
+ PrintErrorMessageAndExit("Workspace ID is required when using machine identity")
+ }
+
+ // get folders via machine identity
+ folders, err := GetFoldersViaMachineIdentity(params.UniversalAuthAccessToken, params.WorkspaceId, params.Environment, params.FoldersPath)
+ folderErr = err
+ foldersToReturn = folders
 }
 return foldersToReturn, folderErr
 }
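Review bot: The new machine-identity branch of GetAllFolders ends the process with `PrintErrorMessageAndExit` when `params.WorkspaceId` is empty, although the function returns an error and the two token branches visible in this hunk report failure through `folderErr`. Reporting the condition the same way, for example `folderErr = errors.New("workspace ID is required when using machine identity")` and calling GetFoldersViaMachineIdentity only otherwise, keeps the helper usable from callers that need to clean up before exiting; this needs `errors` in the file's imports, which this diff does not show. The branch order, together with the changed condition in the first hunk, also means a service token silently takes precedence when both `InfisicalToken` and `UniversalAuthAccessToken` are set, which deserves a comment such as `// a service token takes precedence when both credentials are supplied`. The body of GetAllFolders starts and continues outside these two hunks.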
@@ -132,6 +142,34 @@ func GetFoldersViaServiceToken(fullServiceToken string, workspaceId string, envi
 return folders, nil
 }
+func GetFoldersViaMachineIdentity(accessToken string, workspaceId string, envSlug string, foldersPath string) ([]models.SingleFolder, error) {
+ httpClient := resty.New()
+ httpClient.SetAuthToken(accessToken).
+ SetHeader("Accept", "application/json")
+
+ getFoldersRequest := api.GetFoldersV1Request{
+ WorkspaceId: workspaceId,
+ Environment: envSlug,
+ FoldersPath: foldersPath,
+ }
+
+ apiResponse, err := api.CallGetFoldersV1(httpClient, getFoldersRequest)
+ if err != nil {
+ return nil, err
+ }
+
+ var folders []models.SingleFolder
+
+ for _, folder := range apiResponse.Folders {
+ folders = append(folders, models.SingleFolder{
+ Name: folder.Name,
+ ID: folder.ID,
+ })
+ }
+
+ return folders, nil
+}
+
 // CreateFolder creates a folder in Infisical
 func CreateFolder(params models.CreateFolderParameters) (models.SingleFolder, error) {
 loggedInUserDetails, err := GetCurrentLoggedInUserDetails()
diff --git a/cli/packages/util/helper.go b/cli/packages/util/helper.go
index 11b3396dc2..4d8074ddd5 100644
--- a/cli/packages/util/helper.go
+++ b/cli/packages/util/helper.go
@@ -9,8 +9,11 @@ import (
 "os/exec"
 "path"
 "strings"
+ "time"
+ "github.com/Infisical/infisical-merge/packages/api"
 "github.com/Infisical/infisical-merge/packages/models"
+ "github.com/go-resty/resty/v2"
 "github.com/spf13/cobra"
 )
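Review bot: GetFoldersViaMachineIdentity builds its client with `resty.New()` and sets no timeout, so an unresponsive API host can leave the CLI waiting indefinitely on a request that carries the access token. Adding a bounded `httpClient.SetTimeout(...)` before the call would fix that; the duration is a project choice, and it needs `time` in the imports of folders.go, which this diff does not show. The exported function also has no doc comment, unlike CreateFolder directly below it; `// GetFoldersViaMachineIdentity lists the folders under foldersPath using a universal-auth access token sent as a bearer token.` would say what the credential is and how it is sent.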
@@ -78,6 +81,53 @@ func GetInfisicalServiceToken(cmd *cobra.Command) (serviceToken string, err erro
 return infisicalToken, nil
 }
+func GetInfisicalUniversalAuthAccessToken(cmd *cobra.Command) (accessToken string, err error) {
+
+ var token string
+
+ universalAuthClientId, err := cmd.Flags().GetString("universal-auth-client-id")
+ if err != nil {
+ return token, err
+ }
+ universalAuthClientSecret, err := cmd.Flags().GetString("universal-auth-client-secret")
+ if err != nil {
+ return token, err
+ }
+
+ if universalAuthClientId == "" {
+ universalAuthClientId = os.Getenv(INFISICAL_UNIVERSAL_AUTH_CLIENT_ID)
+ }
+
+ if universalAuthClientSecret == "" {
+ universalAuthClientSecret = os.Getenv(INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET)
+ }
+
+ if universalAuthClientId != "" || universalAuthClientSecret != "" {
+ res, err := UniversalAuthLogin(universalAuthClientId, universalAuthClientSecret)
+
+ if err != nil {
+ return token, err
+ }
+ token = res.AccessToken
+ }
+
+ return token, nil
+}
+
+func UniversalAuthLogin(clientId string, clientSecret string) (api.UniversalAuthLoginResponse, error) {
+ httpClient := resty.New()
+ httpClient.SetRetryCount(10000).
+ SetRetryMaxWaitTime(20 * time.Second).
+ SetRetryWaitTime(5 * time.Second)
+
+ tokenResponse, err := api.CallUniversalAuthLogin(httpClient, api.UniversalAuthLoginRequest{ClientId: clientId, ClientSecret: clientSecret})
+ if err != nil {
+ return api.UniversalAuthLoginResponse{}, err
+ }
+
+ return tokenResponse, nil
+}
+
 // Checks if the passed in email already exists in the users slice
 func ConfigContainsEmail(users []models.LoggedInUser, email string) bool {
 for _, value := range users {
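Review bot: `SetRetryCount(10000)` in UniversalAuthLogin, combined with waits of 5 to 20 seconds, lets a single login block the CLI for many hours while it keeps re-sending the client secret; a small bound such as `SetRetryCount(3)` plus a client timeout would fail fast instead. Which failures get retried depends on resty's defaults and on api.CallUniversalAuthLogin, which is outside this hunk, so it is worth confirming that rejected credentials are never retried. In GetInfisicalUniversalAuthAccessToken the guard `universalAuthClientId != "" || universalAuthClientSecret != ""` still calls the login endpoint when only one of the two values is set; returning an error when exactly one is empty would give a clearer failure than a server-side rejection. The secret can also arrive through the `universal-auth-client-secret` flag, where it is exposed in process listings and shell history, so a doc comment on this function should point users to `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET` as the preferred source.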