diff --git a/app/app.js b/app/app.js
index a015109..e866511 100644
--- a/app/app.js
+++ b/app/app.js
@@ -52,7 +52,10 @@ if (process.env.NODE_ENV !== 'test') {
 
 // Use Keycloak OIDC Middleware
 if (config.has('keycloak.enabled')) {
+  log.info('Running in authenticated mode');
   app.use(keycloak.middleware());
+} else {
+  log.info('Running in public mode');
 }
 
 // Block requests until service is ready and mounted
diff --git a/app/src/components/keycloak.js b/app/src/components/keycloak.js
index f3ebe66..c5aac02 100644
--- a/app/src/components/keycloak.js
+++ b/app/src/components/keycloak.js
@@ -4,11 +4,11 @@ const Keycloak = require('keycloak-connect');
 module.exports = new Keycloak({}, {
   bearerOnly: true,
   'confidential-port': 0,
-  clientId: config.get('keycloak.clientId'),
+  clientId: config.has('keycloak.clientId') ? config.get('keycloak.clientId') : undefined,
   'policy-enforcer': {},
   realm: config.get('keycloak.realm'),
   realmPublicKey: config.has('keycloak.publicKey') ? config.get('keycloak.publicKey') : undefined,
-  secret: config.get('keycloak.clientSecret'),
+  secret: config.has('keycloak.clientSecret') ? config.get('keycloak.clientSecret') : undefined,
   serverUrl: config.get('keycloak.serverUrl'),
   'ssl-required': 'external',
   'use-resource-role-mappings': true,
diff --git a/app/src/routes/v1/index.js b/app/src/routes/v1/index.js
index 645bf8f..363f890 100644
--- a/app/src/routes/v1/index.js
+++ b/app/src/routes/v1/index.js
@@ -8,7 +8,7 @@ const healthRouter = require('./health');
 const { protect } = require('../../middleware/authorization');
 const { getDocs, getJsonSpec, getYamlSpec } = require('../../middleware/openapi');
 
-const clientId = config.get('keycloak.clientId');
+const clientId = config.has('keycloak.enabled') ? config.get('keycloak.clientId') : '';
 const version = 'v1';
 
 /** Base Responder */