diff --git a/next.config.ts b/next.config.ts
index b2b1c18d..f8f7d841 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -9,6 +9,7 @@ const cloudUrl = process.env.CLOUD_URL || '';
 const collectApiEndpoint = process.env.COLLECT_API_ENDPOINT || '';
 const corsMaxAge = process.env.CORS_MAX_AGE || '';
 const defaultLocale = process.env.DEFAULT_LOCALE || '';
+const disableAuth = process.env.DISABLE_AUTH || '';
 const forceSSL = process.env.FORCE_SSL || '';
 const frameAncestors = process.env.ALLOWED_FRAME_URLS || '';
 const trackerScriptName = process.env.TRACKER_SCRIPT_NAME || '';
@@ -171,6 +172,7 @@ export default {
     cloudUrl,
     currentVersion: pkg.version,
     defaultLocale,
+    disableAuth,
   },
   basePath,
   output: 'standalone',
diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index 890e535f..e38bc66a 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -16,6 +16,21 @@ export function getBearerToken(request: Request) {
 }
 
 export async function checkAuth(request: Request) {
+  // If auth is disabled, return admin user
+  if (process.env.disableAuth) {
+    const adminUser = await getUser('41e2b680-648e-4b09-bcd7-3e2b10c06264');
+    if (adminUser) {
+      adminUser.isAdmin = true;
+      log('Auth disabled, returning admin user');
+      return {
+        token: null,
+        authKey: null,
+        shareToken: null,
+        user: adminUser,
+      };
+    }
+  }
+
   const token = getBearerToken(request);
   const payload = parseSecureToken(token, secret());
   const shareToken = await parseShareToken(request);