diff --git a/.env.example b/.env.example
index 7e706ba..d43ce54 100644
--- a/.env.example
+++ b/.env.example
@@ -112,6 +112,7 @@ SMTP_FROM=noreply@experimenta.science
 # INTERNAL PAGES (Styleguide, Admin)
 # ==============================================
 # HTTP Basic Auth credentials for /internal/* routes
+INTERNAL_AUTH_ENABLED=true
 INTERNAL_AUTH_USERNAME=experimenta
 INTERNAL_AUTH_PASSWORD=change-me-to-secure-password
diff --git a/nuxt.config.ts b/nuxt.config.ts
index d203f4d..695ab9e 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -51,6 +51,7 @@ export default defineNuxtConfig({
 databaseUrl: process.env.DATABASE_URL,
 redisHost: process.env.REDIS_HOST || 'localhost',
 redisPort: process.env.REDIS_PORT || '6379',
+ internalAuthEnabled: ['true', '1'].includes(process.env.INTERNAL_AUTH_ENABLED || '') || false,
 internalAuthUsername: process.env.INTERNAL_AUTH_USERNAME || '',
 internalAuthPassword: process.env.INTERNAL_AUTH_PASSWORD || '',
@@ -97,4 +98,4 @@ export default defineNuxtConfig({
 },
 },
 },
-})
\ No newline at end of file
+})
diff --git a/server/middleware/internal-auth.ts b/server/middleware/internal-auth.ts
index 4d8641c..c1c3696 100644
--- a/server/middleware/internal-auth.ts
+++ b/server/middleware/internal-auth.ts
@@ -13,13 +13,20 @@ export default defineEventHandler((event) => {
 const config = useRuntimeConfig()
+ // Skip auth if internal auth is not enabled
+ if (!config.internalAuthEnabled) {
+ return
+ }
+ // Get credentials from environment variables
 const validUsername = config.internalAuthUsername
 const validPassword = config.internalAuthPassword
 // Skip auth if credentials are not configured (development convenience)
 if (!validUsername || !validPassword) {
- console.warn('⚠️ INTERNAL_AUTH_USERNAME or INTERNAL_AUTH_PASSWORD not set. /internal routes are unprotected!')
+ console.warn(
+ '⚠️ INTERNAL_AUTH_USERNAME or INTERNAL_AUTH_PASSWORD not set. /internal routes are unprotected!'
+ )
 return
 }
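Review bot: The new `internalAuthEnabled` entry in nuxt.config.ts resolves to false whenever INTERNAL_AUTH_ENABLED is unset, empty, or spelled any other way (`TRUE`, `yes`), so the toggle fails open. An existing deployment that already sets INTERNAL_AUTH_USERNAME and INTERNAL_AUTH_PASSWORD but not the new variable would stop enforcing Basic Auth on /internal/* after this change, because the middleware hunk in this commit returns early when the flag is false. Defaulting to enabled and treating only an explicit opt-out as disabled avoids that: `internalAuthEnabled: !['false', '0'].includes((process.env.INTERNAL_AUTH_ENABLED ?? 'true').trim().toLowerCase()),`. The trailing `|| false` is redundant, since `includes` already returns a boolean.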
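Review bot: The early return added for `!config.internalAuthEnabled` in server/middleware/internal-auth.ts is silent, whereas the existing missing-credentials branch below it at least logs that /internal routes are unprotected; with the flag off or unset, those routes are served without authentication and nothing in the logs says so. Emit a warning before the `return`, for example `console.warn('INTERNAL_AUTH_ENABLED is off. /internal routes are unprotected!')`. Separately, once auth has been explicitly enabled, empty credentials look like a misconfiguration rather than a development convenience, so that branch would be safer rejecting the request (for instance `throw createError({ statusCode: 500, statusMessage: 'Internal auth misconfigured' })`) than returning. The handler's body continues past the end of this hunk, so how the /internal path is matched is not visible here.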