Two changes have been made to the "auth" section of the automation configuration:

1. An optional "disabled" key has been added. It takes a boolean. If set to true, auth is disabled. Whereas before auth would only be disabled if the auth section was left out entirely, now you can add users and roles while keeping auth disabled. This gives the user time to change their client applications to turn on authentication before turning it on on the servers. "disabled" defaults to false if left unspecified.

2. "key" and "keyfile" are no longer required if "disabled" is set to true