diff --git a/.gitignore b/.gitignore
index ca68435..b9175c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,4 +39,7 @@ out/
 
 ### Test files ###
 sqLiteDb.db
-dev/
\ No newline at end of file
+dev/
+
+### Development settings ###
+application.properties
\ No newline at end of file
diff --git a/src/main/java/de/mlessmann/certassist/config/SecurityConfiguration.java b/src/main/java/de/mlessmann/certassist/config/SecurityConfiguration.java
new file mode 100644
index 0000000..c30d79f
--- /dev/null
+++ b/src/main/java/de/mlessmann/certassist/config/SecurityConfiguration.java
@@ -0,0 +1,23 @@
+package de.mlessmann.certassist.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@RequiredArgsConstructor(onConstructor_ = @Autowired)
+public class SecurityConfiguration {
+
+    @Bean
+    public SecurityFilterChain securityFilters(HttpSecurity http) throws Exception {
+        // Allow unauthenticated access to OpenAPI and swagger documentation.
+        // This should be removed or at least configurable at some point, but for now, this is fine (tm)
+        http.authorizeHttpRequests(auth -> auth
+                .requestMatchers("/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html")
+                .permitAll());
+        return http.build();
+    }
+}