diff --git a/.env b/.env
new file mode 100644
index 0000000..75f81e3
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+AUTH_TOKEN=
diff --git a/Cargo.lock b/Cargo.lock
index c002443..a2320fe 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -614,6 +614,12 @@ version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "212d0f5754cb6769937f4501cc0e67f4f4483c8d2c3e1e922ee9edbe4ab4c7c0"
 
+[[package]]
+name = "dotenv"
+version = "0.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77c90badedccf4105eca100756a0b1289e191f6fcbdadd3cee1d2f614f97da8f"
+
 [[package]]
 name = "either"
 version = "1.6.1"
@@ -1232,6 +1238,7 @@ dependencies = [
  "actix-web",
  "byte-unit",
  "config",
+ "dotenv",
  "env_logger",
  "futures-util",
  "log",
diff --git a/Cargo.toml b/Cargo.toml
index c14d04e..14e4d85 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -16,6 +16,7 @@ futures-util = "0.3.15"
 config = "0.11.0"
 petname = "1.1.0"
 rand = "0.8.4"
+dotenv = "0.15.0"
 
 [dependencies.byte-unit]
 version = "4.0.12"
diff --git a/config.toml b/config.toml
index 555b312..dd46551 100644
--- a/config.toml
+++ b/config.toml
@@ -3,7 +3,6 @@ address="127.0.0.1:8000"
 #workers=4
 max_content_length="10MB"
 upload_path="./upload"
-#auth_token="" # OOPS_SERVER__AUTH_TOKEN=
 
 [paste]
 pet_names = { enabled = true, words = 2, separator = "-" }
diff --git a/src/config.rs b/src/config.rs
index 4d25741..4b96625 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -22,8 +22,6 @@ pub struct ServerConfig {
     pub max_content_length: Byte,
     /// Storage path.
     pub upload_path: PathBuf,
-    /// Authentication token.
-    pub auth_token: Option<String>,
 }
 
 /// Paste configuration.
diff --git a/src/main.rs b/src/main.rs
index 2be9f10..babb08d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,6 +7,7 @@ use std::io::Result as IoResult;
 
 #[actix_web::main]
 async fn main() -> IoResult<()> {
+    dotenv::dotenv().ok();
     env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
     let config = Config::parse("config").expect("failed to parse config");
     let server_config = config.server.clone();
diff --git a/src/server.rs b/src/server.rs
index c75c136..195f735 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -8,6 +8,7 @@ use actix_web::{error, get, post, web, Error, HttpRequest, HttpResponse, Respond
 use byte_unit::Byte;
 use futures_util::stream::StreamExt;
 use std::convert::TryFrom;
+use std::env;
 
 /// Shows the landing page.
 #[get("/")]
@@ -39,13 +40,13 @@ async fn upload(
 ) -> Result<HttpResponse, Error> {
     let connection = request.connection_info();
     let host = connection.remote_addr().unwrap_or("unknown host");
-    if let Some(token) = &config.server.auth_token {
+    if let Ok(token) = env::var("AUTH_TOKEN") {
         let auth_header = request
             .headers()
             .get(AUTHORIZATION)
             .map(|v| v.to_str().unwrap_or_default())
             .map(|v| v.split_whitespace().last().unwrap_or_default());
-        if auth_header != Some(token) {
+        if auth_header.unwrap_or_default() != token {
             log::warn!(
                 "authorization failure for {} (header: {})",
                 host,
