diff --git a/peach-web/Rocket.toml b/peach-web/Rocket.toml
index d8fe73c..d46d8fb 100644
--- a/peach-web/Rocket.toml
+++ b/peach-web/Rocket.toml
@@ -1,5 +1,7 @@
 [development]
 template_dir = "templates/"
+disable_auth = true
 [production]
 template_dir = "templates/"
+disable_auth = false
diff --git a/peach-web/src/routes/authentication.rs b/peach-web/src/routes/authentication.rs
index 7073a0c..2743e19 100644
--- a/peach-web/src/routes/authentication.rs
+++ b/peach-web/src/routes/authentication.rs
@@ -1,12 +1,13 @@
-use std::env;
-
 use log::info;
 use rocket::form::{Form, FromForm};
-use rocket::request::FlashMessage;
+use rocket::http::{Cookie, CookieJar, Status};
+use rocket::request::{self, FlashMessage, FromRequest, Request};
 use rocket::response::{Flash, Redirect};
-use rocket::serde::json::Json;
-use rocket::serde::{Deserialize, Serialize};
-use rocket::{get, post};
+use rocket::serde::{
+ json::{Json, Value},
+ Deserialize, Serialize,
+};
+use rocket::{get, post, Config};
 use rocket_dyn_templates::Template;
 use peach_lib::error::PeachError;
@@ -14,9 +15,6 @@ use peach_lib::password_utils;
 use crate::error::PeachWebError;
 use crate::utils::{build_json_response, TemplateOrRedirect};
-use rocket::http::{Cookie, CookieJar, Status};
-use rocket::request::{self, FromRequest, Request};
-use rocket::serde::json::Value;
 // HELPERS AND STRUCTS FOR AUTHENTICATION WITH COOKIES
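Review bot: `disable_auth = true` under `[development]` means every instance started with that profile serves the guarded routes without a login, including one that ends up bound to a reachable interface by mistake. Safer is to keep `disable_auth = false` in both tables and opt in per run with `ROCKET_DISABLE_AUTH=true`, which the guard in `authentication.rs` reads according to its own comment. It is also worth confirming these tables are selected at all: if this is Rocket 0.5, as the `Config::figment()` call suggests, the built-in profiles are `debug` and `release`, so `[development]` and `[production]` are presumably only read when `ROCKET_PROFILE` names them.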
@@ -44,10 +42,15 @@ impl<'r> FromRequest<'r> for Authenticated {
 type Error = LoginError;
 async fn from_request(req: &'r Request<'_>) -> request::Outcome {
- // check for disable auth env var; set to false if unset
- let authentication_is_disabled =
- env::var("DISABLE_ROCKET_AUTH").unwrap_or_else(|_| "false".to_string());
- if authentication_is_disabled == "true" {
+ // check for `disable_auth` config value; set to `false` if unset
+ // can be set via the `ROCKET_DISABLE_AUTH` environment variable
+ // - env var, if set, takes precedence over value defined in `Rocket.toml`
+ let authentication_is_disabled: bool = match Config::figment().find_value("disable_auth") {
+ // deserialize the boolean value; set to `false` if an error is encountered
+ Ok(value) => value.deserialize().unwrap_or(false),
+ Err(_) => false,
+ };
+ if authentication_is_disabled {
 let auth = Authenticated {};
 request::Outcome::Success(auth)
 } else {
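Review bot: The guard calls `Config::figment()` on every request, which rebuilds the provider stack each time and may not match the configuration the running instance was launched with if the application is built from a custom figment. Reading the value from the live instance avoids both: `let authentication_is_disabled = req.rocket().figment().extract_inner::<bool>("disable_auth").unwrap_or(false);`. Falling back to `false` on a missing or malformed value is the right fail-closed default, but the bypass branch is silent; a `log::warn!` when `authentication_is_disabled` is true would make an instance running without authentication visible in the logs. `from_request` continues past the end of this hunk, so the `else` branch is not reviewed here.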