diff --git a/main.go b/main.go
index dc6027c..35153f3 100644
--- a/main.go
+++ b/main.go
@@ -72,12 +72,33 @@ func main() {
 	allowedOriginsStr := flag.String("allowed-origins", os.Getenv("ALLOWED_ORIGINS"), "Comma-separated list of allowed CORS origins")
 
 	// Auth flags
-	authMode := flag.String("auth-mode", "none", "Authentication mode: none, token, multi")
+	defaultAuthMode := os.Getenv("AUTH_MODE")
+	if defaultAuthMode == "" {
+		defaultAuthMode = "none"
+	}
+	authMode := flag.String("auth-mode", defaultAuthMode, "Authentication mode: none, token, multi")
+
 	authToken := flag.String("auth-token", os.Getenv("AUTH_TOKEN"), "Master token for 'token' auth mode")
-	authFile := flag.String("auth-file", "accounts.json", "File to store accounts for 'multi' auth mode")
-	allowReg := flag.Bool("allow-registration", true, "Allow new account generation in 'multi' mode")
-	hashesFile := flag.String("hashes-file", "client_hashes.json", "File to store IP+UA hashes for rate limiting")
-	disableProtection := flag.Bool("disable-protection", false, "Disable rate limiting and bot protection")
+
+	defaultAuthFile := os.Getenv("AUTH_FILE")
+	if defaultAuthFile == "" {
+		defaultAuthFile = "accounts.json"
+	}
+	authFile := flag.String("auth-file", defaultAuthFile, "File to store accounts for 'multi' auth mode")
+
+	defaultAllowReg := true
+	if os.Getenv("ALLOW_REGISTRATION") == "false" {
+		defaultAllowReg = false
+	}
+	allowReg := flag.Bool("allow-registration", defaultAllowReg, "Allow new account generation in 'multi' mode")
+
+	defaultHashesFile := os.Getenv("HASHES_FILE")
+	if defaultHashesFile == "" {
+		defaultHashesFile = "client_hashes.json"
+	}
+	hashesFile := flag.String("hashes-file", defaultHashesFile, "File to store IP+UA hashes for rate limiting")
+
+	disableProtection := flag.Bool("disable-protection", os.Getenv("DISABLE_PROTECTION") == "true", "Disable rate limiting and bot protection")
 
 	flag.Parse()