diff --git a/cmd/gateclient/client.go b/cmd/gateclient/client.go
index ebcfc219..f0fa5519 100644
--- a/cmd/gateclient/client.go
+++ b/cmd/gateclient/client.go
@@ -263,6 +263,17 @@ func userConfig(gateClient *GatewayClient, configLocation string) error {
 	// but unmarshal to an upstream oauth package, so the cached token needs to match
 	// https://godoc.org/golang.org/x/oauth2#Token
 	if yamlFile != nil {
+
+		err = yaml.UnmarshalStrict([]byte(string(yamlFile)), &gateClient.Config)
+		if err != nil {
+			gateClient.ui.Error(fmt.Sprintf("Could not deserialize config file with contents: %s, failing.", yamlFile))
+			return err
+		}
+
+		if gateClient.Config.Auth.DisabeSystemEnvironment {
+			return nil
+		}
+
 		err = yaml.UnmarshalStrict([]byte(os.ExpandEnv(string(yamlFile))), &gateClient.Config)
 		if err != nil {
 			gateClient.ui.Error(fmt.Sprintf("Could not deserialize config file with contents: %s, failing.", yamlFile))
diff --git a/config/auth/authconfig.go b/config/auth/authconfig.go
index ea2abfe1..16a84a5b 100644
--- a/config/auth/authconfig.go
+++ b/config/auth/authconfig.go
@@ -25,14 +25,15 @@ import (
 
 // Config is the CLI's authentication configuration.
 type Config struct {
-	Enabled          bool           `json:"enabled" yaml:"enabled"`
-	IgnoreRedirects  bool           `json:"ignoreRedirects" yaml:"ignoreRedirects"`
-	IgnoreCertErrors bool           `json:"ignoreCertErrors" yaml:"ignoreCertErrors"`
-	X509             *x509.Config   `json:"x509,omitempty" yaml:"x509,omitempty"`
-	OAuth2           *oauth2.Config `json:"oauth2,omitempty" yaml:"oauth2,omitempty"`
-	Basic            *basic.Config  `json:"basic,omitempty" yaml:"basic,omitempty"`
-	Iap              *config.Config `json:"iap,omitempty" yaml:"iap,omitempty"`
-	Ldap             *ldap.Config   `json:"ldap,omitempty" yaml:"ldap,omitempty"`
+	Enabled                 bool           `json:"enabled" yaml:"enabled"`
+	DisabeSystemEnvironment bool           `json:"disabeSystemEnvironment" yaml:"DisabeSystemEnvironment"`
+	IgnoreRedirects         bool           `json:"ignoreRedirects" yaml:"ignoreRedirects"`
+	IgnoreCertErrors        bool           `json:"ignoreCertErrors" yaml:"ignoreCertErrors"`
+	X509                    *x509.Config   `json:"x509,omitempty" yaml:"x509,omitempty"`
+	OAuth2                  *oauth2.Config `json:"oauth2,omitempty" yaml:"oauth2,omitempty"`
+	Basic                   *basic.Config  `json:"basic,omitempty" yaml:"basic,omitempty"`
+	Iap                     *config.Config `json:"iap,omitempty" yaml:"iap,omitempty"`
+	Ldap                    *ldap.Config   `json:"ldap,omitempty" yaml:"ldap,omitempty"`
 
 	GoogleServiceAccount *gsa.Config `json:"google_service_account,omitempty" yaml:"google_service_account,omitempty"`
 }
diff --git a/config/example.yaml b/config/example.yaml
index fabf9f10..4262563a 100644
--- a/config/example.yaml
+++ b/config/example.yaml
@@ -4,6 +4,8 @@ gate:
   endpoint: https://my-spinnaker-gate:8084
   retryTimeout: 300
 auth:
+  # If your user or password contains "$" character, you need to escape it with this flag:
+  disabeSystemEnvironment: true
   enabled: true
   x509:
     # See https://www.spinnaker.io/setup/security/ssl/ and