diff --git a/src/main/java/com/digitalsanctuary/spring/user/dev/DevLoginConfigProperties.java b/src/main/java/com/digitalsanctuary/spring/user/dev/DevLoginConfigProperties.java
index 1b1bf5b..d58b624 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/dev/DevLoginConfigProperties.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/dev/DevLoginConfigProperties.java
@@ -1,8 +1,6 @@
 package com.digitalsanctuary.spring.user.dev;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.PropertySource;
-import org.springframework.stereotype.Component;
 import lombok.Data;
 
 /**
@@ -17,8 +15,6 @@
  * </p>
  */
 @Data
-@Component
-@PropertySource("classpath:config/dsspringuserconfig.properties")
 @ConfigurationProperties(prefix = "user.dev")
 public class DevLoginConfigProperties {
 
diff --git a/src/main/java/com/digitalsanctuary/spring/user/dev/DevLoginConfiguration.java b/src/main/java/com/digitalsanctuary/spring/user/dev/DevLoginConfiguration.java
new file mode 100644
index 0000000..5d7e8b8
--- /dev/null
+++ b/src/main/java/com/digitalsanctuary/spring/user/dev/DevLoginConfiguration.java
@@ -0,0 +1,27 @@
+package com.digitalsanctuary.spring.user.dev;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+/**
+ * Configuration that registers {@link DevLoginConfigProperties}.
+ * <p>
+ * Activates only when the {@code local} profile is active and
+ * {@code user.dev.auto-login-enabled=true}. Individual dev-login components
+ * ({@link DevLoginController}, {@link DevLoginStartupWarning}) carry their own
+ * guards for defense-in-depth.
+ * </p>
+ * <p>
+ * Note: this class is registered via component scan (not Spring Boot SPI), so
+ * default property values are provided by {@code WebAuthnConfiguration}, which
+ * unconditionally loads {@code classpath:config/dsspringuserconfig.properties}.
+ * </p>
+ */
+@Configuration
+@Profile("local")
+@ConditionalOnProperty(name = "user.dev.auto-login-enabled", havingValue = "true", matchIfMissing = false)
+@EnableConfigurationProperties(DevLoginConfigProperties.class)
+public class DevLoginConfiguration {
+}
diff --git a/src/main/java/com/digitalsanctuary/spring/user/security/WebAuthnConfigProperties.java b/src/main/java/com/digitalsanctuary/spring/user/security/WebAuthnConfigProperties.java
index 72c277b..e30a978 100644
--- a/src/main/java/com/digitalsanctuary/spring/user/security/WebAuthnConfigProperties.java
+++ b/src/main/java/com/digitalsanctuary/spring/user/security/WebAuthnConfigProperties.java
@@ -2,16 +2,12 @@
 
 import java.util.Set;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.PropertySource;
-import org.springframework.stereotype.Component;
 import lombok.Data;
 
 /**
  * Configuration properties for WebAuthn (Passkey) authentication.
  */
 @Data
-@Component
-@PropertySource("classpath:config/dsspringuserconfig.properties")
 @ConfigurationProperties(prefix = "user.webauthn")
 public class WebAuthnConfigProperties {
 
diff --git a/src/main/java/com/digitalsanctuary/spring/user/security/WebAuthnConfiguration.java b/src/main/java/com/digitalsanctuary/spring/user/security/WebAuthnConfiguration.java
new file mode 100644
index 0000000..c9513f7
--- /dev/null
+++ b/src/main/java/com/digitalsanctuary/spring/user/security/WebAuthnConfiguration.java
@@ -0,0 +1,20 @@
+package com.digitalsanctuary.spring.user.security;
+
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+
+/**
+ * Configuration that registers {@link WebAuthnConfigProperties}.
+ * <p>
+ * This configuration is always active because {@code WebSecurityConfig} requires
+ * {@link WebAuthnConfigProperties} regardless of whether WebAuthn is enabled.
+ * Individual WebAuthn components carry their own
+ * {@code @ConditionalOnProperty(name = "user.webauthn.enabled")} guards.
+ * </p>
+ */
+@Configuration
+@PropertySource("classpath:config/dsspringuserconfig.properties")
+@EnableConfigurationProperties(WebAuthnConfigProperties.class)
+public class WebAuthnConfiguration {
+}