diff --git a/docs/Flash_Deploy_Guide.md b/docs/Flash_Deploy_Guide.md
index 1d3b10c..b00cfd7 100644
--- a/docs/Flash_Deploy_Guide.md
+++ b/docs/Flash_Deploy_Guide.md
@@ -82,6 +82,7 @@ flash deploy new <env_name> [--app-name <app_name>]
 
 **Options:**
 - `--app-name <app_name>`: Flash app name (auto-detected if not provided)
+- `--enable-auth`: Enable auth on mothership (sets `RUNPOD_DISABLE_AUTH=false`)
 
 **What it does:**
 1. Creates a FlashApp in RunPod (if first environment for the app)
@@ -1011,6 +1012,11 @@ graph LR
 - This endpoint's ID
 - Used for logging and identification
 
+**RUNPOD_DISABLE_AUTH** (Optional, mothership)
+- Value: `"true"` to disable RunPod auth requirement
+- Set by `flash deploy send` by default for mothership
+- Use `--enable-auth` to set `"false"`
+
 ---
 
 ## State Management
diff --git a/src/runpod_flash/cli/utils/deployment.py b/src/runpod_flash/cli/utils/deployment.py
index 89c61f5..b49a959 100644
--- a/src/runpod_flash/cli/utils/deployment.py
+++ b/src/runpod_flash/cli/utils/deployment.py
@@ -178,6 +178,7 @@ async def reconcile_and_provision_resources(
     local_manifest: Dict[str, Any],
     environment_id: str | None = None,
     show_progress: bool = True,
+    enable_auth: bool = False,
 ) -> Dict[str, str]:
     """Reconcile local manifest with State Manager and provision resources.
 
@@ -193,6 +194,7 @@ async def reconcile_and_provision_resources(
         local_manifest: Local manifest dictionary
         environment_id: Optional environment ID for endpoint provisioning
         show_progress: Whether to show CLI progress
+        enable_auth: If True, enable auth on mothership
 
     Returns:
         Updated manifest with deployment information
@@ -233,6 +235,7 @@ async def reconcile_and_provision_resources(
             resource_config,
             mothership_url="",
             flash_environment_id=environment_id,
+            enable_auth=enable_auth,
         )
         actions.append(
             ("provision", resource_name, manager.get_or_deploy_resource(resource))
@@ -257,6 +260,7 @@ async def reconcile_and_provision_resources(
                 local_config,
                 mothership_url="",
                 flash_environment_id=environment_id,
+                enable_auth=enable_auth,
             )
             actions.append(
                 ("update", resource_name, manager.get_or_deploy_resource(resource))
@@ -399,10 +403,16 @@ def validate_local_manifest() -> Dict[str, Any]:
 
 
 async def deploy_to_environment(
-    app_name: str, env_name: str, build_path: Path
+    app_name: str, env_name: str, build_path: Path, enable_auth: bool = False
 ) -> Dict[str, Any]:
     """Deploy current project to environment.
 
+    Args:
+        app_name: Flash application name
+        env_name: Environment name
+        build_path: Path to build artifact
+        enable_auth: If True, enable auth on mothership
+
     Raises:
         runpod_flash.core.resources.app.FlashEnvironmentNotFoundError: If the environment does not exist
         FileNotFoundError: If manifest not found
@@ -428,6 +438,7 @@ async def deploy_to_environment(
             local_manifest,
             environment_id=environment.get("id"),
             show_progress=True,
+            enable_auth=enable_auth,
         )
         log.debug(f"Provisioned {len(resources_endpoints)} resources for {env_name}")
     except Exception as e:
diff --git a/src/runpod_flash/runtime/mothership_provisioner.py b/src/runpod_flash/runtime/mothership_provisioner.py
index cbbd2cf..783e069 100644
--- a/src/runpod_flash/runtime/mothership_provisioner.py
+++ b/src/runpod_flash/runtime/mothership_provisioner.py
@@ -225,6 +225,7 @@ def create_resource_from_manifest(
     resource_data: Dict[str, Any],
     mothership_url: str = "",
     flash_environment_id: Optional[str] = None,
+    enable_auth: bool = False,
 ) -> DeployableResource:
     """Create DeployableResource config from manifest entry.
 
@@ -233,6 +234,7 @@ def create_resource_from_manifest(
         resource_data: Resource configuration from manifest
         mothership_url: Optional mothership URL (for future use with child env vars)
         flash_environment_id: Optional flash environment ID to attach
+        enable_auth: If True, explicitly enable auth on mothership
 
     Returns:
         Configured DeployableResource ready for deployment
@@ -293,6 +295,10 @@ def create_resource_from_manifest(
             env["FLASH_MAIN_FILE"] = resource_data["main_file"]
         if "app_variable" in resource_data:
             env["FLASH_APP_VARIABLE"] = resource_data["app_variable"]
+        if enable_auth:
+            env["RUNPOD_DISABLE_AUTH"] = "false"
+        else:
+            env["RUNPOD_DISABLE_AUTH"] = "true"
 
     # Add "tmp-" prefix for test-mothership deployments
     # Check environment variable set by test-mothership command
diff --git a/tests/unit/runtime/test_mothership_provisioner.py b/tests/unit/runtime/test_mothership_provisioner.py
index 580037a..22c3cba 100644
--- a/tests/unit/runtime/test_mothership_provisioner.py
+++ b/tests/unit/runtime/test_mothership_provisioner.py
@@ -457,6 +457,48 @@ def test_create_resource_from_manifest_default_type(self):
             assert isinstance(resource, ServerlessResource)
             assert resource_name in resource.name
 
+    def test_create_resource_from_manifest_mothership_sets_disable_auth(self):
+        """Test that mothership defaults to RUNPOD_DISABLE_AUTH=true."""
+        from runpod_flash.core.resources.load_balancer_sls_resource import (
+            LoadBalancerSlsResource,
+        )
+
+        resource_name = "lb-api"
+        resource_data = {
+            "resource_type": "LoadBalancerSlsResource",
+            "imageName": "runpod/flash-lb:latest",
+            "is_load_balanced": True,
+            "is_mothership": True,
+        }
+
+        with patch.dict(os.environ, {}, clear=True):
+            resource = create_resource_from_manifest(resource_name, resource_data)
+
+            assert isinstance(resource, LoadBalancerSlsResource)
+            assert resource.env["RUNPOD_DISABLE_AUTH"] == "true"
+
+    def test_create_resource_from_manifest_mothership_enable_auth(self):
+        """Test that enable_auth sets RUNPOD_DISABLE_AUTH=false on mothership."""
+        from runpod_flash.core.resources.load_balancer_sls_resource import (
+            LoadBalancerSlsResource,
+        )
+
+        resource_name = "lb-api"
+        resource_data = {
+            "resource_type": "LoadBalancerSlsResource",
+            "imageName": "runpod/flash-lb:latest",
+            "is_load_balanced": True,
+            "is_mothership": True,
+        }
+
+        with patch.dict(os.environ, {}, clear=True):
+            resource = create_resource_from_manifest(
+                resource_name, resource_data, enable_auth=True
+            )
+
+            assert isinstance(resource, LoadBalancerSlsResource)
+            assert resource.env["RUNPOD_DISABLE_AUTH"] == "false"
+
     def test_create_resource_from_manifest_cli_context_no_runpod_endpoint_id(self):
         """Test resource creation in CLI context without RUNPOD_ENDPOINT_ID.
 
diff --git a/uv.lock b/uv.lock
index ee43bb8..4c2b510 100644
--- a/uv.lock
+++ b/uv.lock
@@ -3194,6 +3194,7 @@ dependencies = [
 dev = [
     { name = "mcp" },
     { name = "mypy" },
+    { name = "pytest" },
     { name = "ruff" },
 ]
 test = [
@@ -3222,6 +3223,7 @@ requires-dist = [
 dev = [
     { name = "mcp", specifier = ">=1.0.0" },
     { name = "mypy", specifier = ">=1.16.1" },
+    { name = "pytest", specifier = ">=9.0.2" },
     { name = "ruff", specifier = ">=0.11.9" },
 ]
 test = [