diff --git a/services/tunnelbroker/src/amqp.rs b/services/tunnelbroker/src/amqp.rs
--- a/services/tunnelbroker/src/amqp.rs
+++ b/services/tunnelbroker/src/amqp.rs
@@ -1,14 +1,29 @@
 use crate::CONFIG;
-use lapin::{Connection, ConnectionProperties};
+use lapin::{uri::AMQPUri, Connection, ConnectionProperties};
 use tracing::info;
 
 pub async fn connect() -> Connection {
-  let conn =
-    Connection::connect(&CONFIG.amqp_uri, ConnectionProperties::default())
-      .await
-      .expect("Unable to connect to amqp endpoint");
+  let mut amqp_uri = CONFIG
+    .amqp_uri
+    .parse::<AMQPUri>()
+    .expect("Invalid AMQP URI");
 
-  info!("Connected to amqp endpoint: {}", &CONFIG.amqp_uri);
+  // Allow set / override credentials using env vars
+  if let Some(amqp_user) = from_env("AMQP_USERNAME") {
+    amqp_uri.authority.userinfo.username = amqp_user;
+  }
+  if let Some(amqp_pass) = from_env("AMQP_PASSWORD") {
+    amqp_uri.authority.userinfo.password = amqp_pass;
+  }
 
-  return conn;
+  let conn = Connection::connect_uri(amqp_uri, ConnectionProperties::default())
+    .await
+    .expect("Unable to connect to AMQP endpoint");
+
+  info!("Connected to AMQP endpoint: {}", &CONFIG.amqp_uri);
+  conn
+}
+
+fn from_env(var_name: &str) -> Option<String> {
+  std::env::var(var_name).ok().filter(|s| !s.is_empty())
 }
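Review bot: The `info!` call after `connect_uri` still prints `CONFIG.amqp_uri` verbatim, so any `user:password@` part of the configured URI ends up in the service logs. The value logged is also the pre-override string, not the credentials actually used once `AMQP_USERNAME` / `AMQP_PASSWORD` are applied. Since `amqp_uri` is moved into `connect_uri`, capture the non-secret parts first, e.g. `let endpoint = format!("{}:{}", amqp_uri.authority.host, amqp_uri.authority.port);`, and then log `info!("Connected to AMQP endpoint: {}", endpoint);`. It is also worth confirming that the parse error surfaced by `.expect("Invalid AMQP URI")` does not echo the raw URI into the panic message.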
diff --git a/services/tunnelbroker/src/config.rs b/services/tunnelbroker/src/config.rs
--- a/services/tunnelbroker/src/config.rs
+++ b/services/tunnelbroker/src/config.rs
@@ -14,7 +14,8 @@
   #[arg(long, default_value_t = 51001)]
   pub http_port: u16,
   /// AMQP server URI
-  #[arg(long, default_value_t = String::from("amqp://comm:comm@localhost:5672"))]
+  #[arg(env = "AMQP_URI")]
+  #[arg(long, default_value = "amqp://comm:comm@localhost:5672")]
   pub amqp_uri: String,
   /// AWS Localstack service URL
   #[arg(env = "LOCALSTACK_ENDPOINT")]
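Review bot: With `env = "AMQP_URI"` on `amqp_uri`, clap by default prints the current value of the variable in `--help` output, and this URI can carry a password. I would write the attribute as `#[arg(env = "AMQP_URI", hide_env_values = true)]` so the help text names the variable without showing its value. Separately, the `amqp://comm:comm@localhost:5672` default means a deployment that forgets to set `AMQP_URI` falls back to well-known credentials without any error; a doc comment stating that the default is for local development only would help. The struct continues outside this hunk, so other secret-bearing fields may need the same treatment.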