diff --git a/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md b/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md
index 5b9c5716160ff8534f832e04697b10712b5179b9..a139c953e6d7cd021710a2686cd4e3a2c2cef894 100644
--- a/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md
+++ b/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md
@@ -20,3 +20,4 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter defines w
   * If no operational mailer is configured, the email will be updated right away, without intermediate confirmation.
 * If set to `Off`, users cannot change their emails themselves. Email can only be updated by a [superuser](/kb/permissions/superuser) (for example, at a user's request).
 
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_EMAILUPDATE_ENABLED`.
diff --git a/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md b/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md
index bada14ec2ad59ae53d88ec2c2b6fad5ff1fb57a3..5a3993a8e4a7807ddf5eae9f7dd7adaacf2fad80 100644
--- a/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md
+++ b/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md
@@ -20,3 +20,5 @@ Comentario keeps a counter of failed login attempts for each user.
 * The failed login attempt counter gets reset to zero as soon as the user has successfully logged in.
 
 This mechanism is mostly intended to safeguard users against brute-force attacks on their passwords. In order to disable it, set the value to `0`.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_LOGIN_LOCAL_MAXATTEMPTS`.
diff --git a/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md b/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md
index 6ad25e5a5a2b64554116e19c9d3baa4b88d4a762..fbb38b3bf276a097653ac5aa22c88b209b3623a0 100644
--- a/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md
+++ b/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md
@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure
 * If set to `Off`, commenters will be logged in immediately upon registration. This is not recommended due to security considerations; it may also render the user account unusable in the future if they misspelled their email address.
 
 This setting applies only to websites embedding Comentario. For the Administration UI there's a [separate configuration item](auth.signup.confirm.user).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_SIGNUP_CONFIRM_COMMENTER`.
diff --git a/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md b/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md
index 6a14a1d314dde1387f69e9f464611d4f7d482d22..3aee4ae661267c0089d28e597ba4d70250345c4a 100644
--- a/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md
+++ b/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md
@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure
 * If set to `Off`, users can log in immediately upon registration. This is not recommended due to security considerations; it may also render the user account unusable in the future if they misspelled their email address.
 
 This setting applies only to the Administration UI. For websites embedding Comentario there's a [separate configuration item](auth.signup.confirm.commenter).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_SIGNUP_CONFIRM_USER`.
diff --git a/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md b/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md
index 35acc2ba508a5675aa84cf933b239171615c7dd1..d8a38804110bb81742e41d8822240278b9240b71 100644
--- a/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md
+++ b/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md
@@ -20,3 +20,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls
 * If set to `Off`, new user registrations are forbidden.
 
 This setting applies only to the Administration UI. It can be useful for (temporarily) preventing new sign-ups.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_SIGNUP_ENABLED`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md
index 9fef72b468a35dc230b5a9f9e0cc751dd28c900c..93f280cf7c6c20d991f7862f85e643d317ee4043 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md
@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us
 
 * When set to `On`, comment authors will see a *trashcan* button on their comments, which allows them to delete a written comment.
 * If set to `Off`, comments cannot be removed by their authors once submitted  (but possibly can [by domain moderators](domain.defaults.comments.deletion.moderator) if enabled).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_DELETION_AUTHOR`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md
index 97c3b3e0da01e53a448606b6f310b3676eaae10d..f1c002f8d6700a250c48abe15add1a6707e36e28 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md
@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us
 
 * When set to `On`, users with the moderator or owner [role](/kb/permissions/roles) and [superusers](/kb/permissions/superuser) will see a *trashcan* button on every comment, allowing them to delete any comment on the domain's pages.
 * If set to `Off`, comments cannot be removed by moderators (but possibly can [by their authors](domain.defaults.comments.deletion.author) if enabled).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_DELETION_MODERATOR`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md
index 346a93b6eb21b4b954274276f0cd5611162978ae..de989f59bc07e8b75ef09c5ebbfe5a786b28c8fe 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md
@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us
 
 * When set to `On`, comment authors will see a *pencil* button on their comments, which allows them to edit a written comment.
 * If set to `Off`, comments cannot be changed by their authors once submitted (but possibly can [by domain moderators](domain.defaults.comments.editing.moderator) if enabled).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_EDITING_AUTHOR`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md
index 0b35d1e394889cbe9cf142bbef1135a253ced4fd..25bfcbf15cc9c697096091bcf82e9248fa4dd6f1 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md
@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us
 
 * When set to `On`, users with the moderator or owner [role](/kb/permissions/roles) and [superusers](/kb/permissions/superuser) will see a *pencil* button on every comment, allowing them to edit any comment on the domain's pages.
 * If set to `Off`, comments cannot be changed by moderators (but possibly can [by their authors](domain.defaults.comments.editing.author) if enabled).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_EDITING_MODERATOR`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md
index a2e72f5bb4bde9a5d75dc394b443f3f681c7e4b9..17ec769ea9195642d21d531ca4ed83f5e4c3a1bf 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md
@@ -13,3 +13,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us
 
 * When set to `On`, every comment card will contain a score and a set of upvote/downvote buttons. Also, any commenter will be able to upvote or downvote others' comments (bot not those they authored self).
 * If set to `Off`, the score and the voting buttons will be hidden. It will also disable sorting comments by votes.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_ENABLEVOTING`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md
index 3981741e8ab531b8868fd563df247941616afa7b..4108ed90984038f83b1469c2a8b3c96bd4e662db 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md
@@ -21,3 +21,5 @@ When RSS is enabled, the users will be able to subscribe to comment feeds using:
 
 * `RSS` dropdown button under the [comment editor](/kb/comment-editor) (left of the sorting buttons).
 * `Comment RSS feed` links in Domain properties and Domain page properties.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_RSS_ENABLED`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md
index 89b268596e120e8f151465abb389bd023585a16e..f2293dba33e5985011c2a80f6b0de1b2cfe12a97 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md
@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls
 * If set to `Off`, deleted comments will be hidden in the comment tree immediately, as well as all its child comments.
 
 This setting doesn't affect comment display in the Administration UI (it has a separate switch for hiding deleted comments).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_SHOWDELETED`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md
index a87b2fff7ff4e93ba25b6f0617a73e7a9487e08e..9e068c5aa2cffc9f44c0ea9a2bdaa495044afb84 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md
@@ -21,3 +21,5 @@ It defines how long comment texts can be on a specific domain, representing the
 
 * The lowest possible value for this setting is the "Twitter limit" of `140` characters.
 * The top (physical) limit is `1048576` (1 MiB).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_TEXT_MAXLENGTH`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md
index 85b264e659a701a86d3b26b614f84584864fb117..65a29ea4daceffb8b29f49511503d5d8c06e1b0b 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md
@@ -19,3 +19,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter allows to
 * If set to `Off`, the login dialog will be skipped if [commenting without registration](/configuration/frontend/domain/authentication) is enabled for this domain. Otherwise the dialog will be shown and user will be requested to log in or sign up.
 
 When this setting is `Off`, the user can still authenticate explicitly using the `Sign in` button above the comment editor.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_LOGIN_SHOWFORUNAUTH`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md
index f229294cfcdc933ffb467f18ad5e8af695e674f8..6af7d884fc22e05375d693a3735d0a09059ba817 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md
@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure
 * If set to `Off`, commenters won't be able to insert images, and the corresponding markup will be removed from the resulting text.
 
 This setting only applies to newly written comments and does not affect images in existing comments.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_MARKDOWN_IMAGES_ENABLED`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md
index cfaaddcb1dcccf862255327c2d97e3d59c99cd1d..bb171b1e68ad8a64a0f379745467c5584f03a96b 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md
@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure
 * If set to `Off`, commenters won't be able to insert links, and the corresponding string will be rendered as plain, non-clickable text.
 
 This setting only applies to newly written comments and does not affect links in existing comments.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_MARKDOWN_LINKS_ENABLED`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md
index 243affedddcef442d1a2d6a7aec837809a413a96..f38c097e4ffd5537cf99bffd77047c94f379e5ca 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md
@@ -16,5 +16,7 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure
 
 * If set to `On`, commenters can insert [tables](/kb/markdown#tables) in comments.
 * If set to `Off`, commenters won't be able to insert tables, and the corresponding markup will be removed from the resulting text.
- 
+
 This setting only applies to newly written comments and does not affect tables in existing comments.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_MARKDOWN_TABLES_ENABLED`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md
index 7a5d92a9e96218bf1fd701774a769b62f3b09a98..c6015fdb58be4c341c39885b2c7931b9bb17ac38 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md
@@ -21,3 +21,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls
 This setting doesn't apply to the Administration UI, which uses a [separate configuration item](auth.signup.enabled) for that.
 
 It also doesn't affect *existing users*, i.e. those already registered. They will be able to log in even when this setting is disabled. To disable federated login completely, switch off undesirable providers in the domain's [authentication settings](/configuration/frontend/domain/authentication).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_SIGNUP_ENABLEFEDERATED`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md
index 874d6dc462e8480e5dd2ff498726da6fe563410f..f2dff20e27b525bf42b898880f6747b1856dc9ad 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md
@@ -23,3 +23,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls
 This setting doesn't apply to the Administration UI, which uses a [separate configuration item](auth.signup.enabled) for that.
 
 It also doesn't affect *existing users*. They will be able to log in even when this setting is disabled. To disable login with email/password completely, switch it off in the domain's [authentication settings](/configuration/frontend/domain/authentication).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_SIGNUP_ENABLELOCAL`.
diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md
index 6da28064cec2ef8f4041457aaf5191d1028e4050..86bc68265efb33b87619aa576ab25938cfc5437a 100644
--- a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md
+++ b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md
@@ -22,3 +22,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls
 * If set to `Off`, SSO registration on websites embedding comments will be forbidden.
 
 This setting doesn't affect *SSO users who are already registered*. They will be able to log in even when this setting is disabled. To disable SSO login completely, switch it off in the domain's [authentication settings](/configuration/frontend/domain/authentication).
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_SIGNUP_ENABLESSO`.
diff --git a/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md b/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md
index 8509944d881a4d723c515f3b674815f67d046dd7..b81d1766dea9dee9d4eb17ae939d269f6c4cb9c7 100644
--- a/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md
+++ b/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md
@@ -16,3 +16,4 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure
   It also enables the use of Gravatar during import (e.g. from [Commento](/installation/migration/commento) or [WordPress](/installation/migration/wordpress)).
 * If set to `Off`, Gravatar won't be contacted.
 
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_INTEGRATIONS_USEGRAVATAR`.
diff --git a/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md b/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md
index a3025d96b4c7f6b8b19200a02d2791a1f41dda4a..d2a27b15ad6eb93f4137cdff4de56b282c8c4907 100644
--- a/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md
+++ b/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md
@@ -15,3 +15,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure
 * If set to `Off`, users without domains (for example, commenters) won't be able to register their own domains in Comentario, and thus become domain owners. Most likely, this is what you want, therefore `Off` is the default.
 
 This setting doesn't affect users who already own at least one domain.
+
+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_OPERATION_NEWOWNER_ENABLED`.
diff --git a/internal/data/dyn_config.go b/internal/data/dyn_config.go
index 0cd0d64e690130216dd3ce1a36313b7b0314ec9c..b9cbd66ac1a9f6f12c3355154f67470c0db0caa3 100644
--- a/internal/data/dyn_config.go
+++ b/internal/data/dyn_config.go
@@ -2,15 +2,21 @@ package data
 
 import (
 	"fmt"
+	"os"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag/conv"
 	"github.com/google/uuid"
+	"github.com/op/go-logging"
 	"gitlab.com/comentario/comentario/internal/api/models"
 )
 
+// logger represents a package-wide logger instance
+var logger = logging.MustGetLogger("data")
+
 // DynConfigItemSectionKey is a key of dynamic configuration item section
 type DynConfigItemSectionKey string
 
@@ -197,6 +203,11 @@ const (
 // ConfigKeyDomainDefaultsPrefix is a prefix given to domain setting keys that turn them into global domain defaults keys
 const ConfigKeyDomainDefaultsPrefix = "domain.defaults."
 
+func getInitialDynConfigItemEnvVar(key DynConfigItemKey) (string, bool) {
+	name := "DYN_DEFAULT_" + strings.ToUpper(strings.ReplaceAll(string(key), ".", "_"))
+	return os.LookupEnv(name)
+}
+
 // DefaultDynInstanceConfig is the default dynamic instance configuration
 var DefaultDynInstanceConfig = DynConfigMap{
 	ConfigKeyAuthEmailUpdateEnabled:                                         {DefaultValue: "false", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth},
@@ -222,3 +233,15 @@ var DefaultDynInstanceConfig = DynConfigMap{
 	ConfigKeyDomainDefaultsPrefix + DomainConfigKeyFederatedSignupEnabled:   {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth},
 	ConfigKeyDomainDefaultsPrefix + DomainConfigKeySsoSignupEnabled:         {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth},
 }
+
+func init() {
+	for key, item := range DefaultDynInstanceConfig {
+		value, override := getInitialDynConfigItemEnvVar(key)
+		if override {
+			if err := item.ValidateValue(value); err != nil {
+				logger.Fatalf("bad override for %q: %v", key, err)
+			}
+			item.DefaultValue = value
+		}
+	}
+}