diff --git a/api-daemon/pvcapid/flaskapi.py b/api-daemon/pvcapid/flaskapi.py
index d1262490..01f0a335 100755
--- a/api-daemon/pvcapid/flaskapi.py
+++ b/api-daemon/pvcapid/flaskapi.py
@@ -629,8 +629,9 @@ class API_Metrics(Resource):
 Return the current PVC cluster status in Prometheus-compatible metrics format and the Ceph cluster metrics as one document.
- Endpoint is unauthenticated to allow metrics exfiltration without having to deal
- with the Prometheus compatibility later.
+ Endpoint is UNAUTHENTICATED to allow metrics exfiltration without having to deal
+ with Prometheus compatibility (only basic auth support). Ensure this API endpoint
+ is only opened to trusted networks that cannot abuse the data provided!
 ---
 tags:
 - root
@@ -657,7 +658,8 @@ class API_Metrics(Resource):
 return response
-api.add_resource(API_Metrics, "/metrics")
+if config["enable_prometheus"]:
+ api.add_resource(API_Metrics, "/metrics")
 # /metrics/health
@@ -666,8 +668,9 @@ class API_Metrics_Health(Resource):
 """
 Return the current PVC cluster health status in Prometheus-compatible metrics format
- Endpoint is unauthenticated to allow metrics exfiltration without having to deal
- with the Prometheus compatibility later.
+ Endpoint is UNAUTHENTICATED to allow metrics exfiltration without having to deal
+ with Prometheus compatibility (only basic auth support). Ensure this API endpoint
+ is only opened to trusted networks that cannot abuse the data provided!
 ---
 tags:
 - root
@@ -691,7 +694,8 @@ class API_Metrics_Health(Resource):
 return response
-api.add_resource(API_Metrics_Health, "/metrics/health")
+if config["enable_prometheus"]:
+ api.add_resource(API_Metrics_Health, "/metrics/health")
 # /metrics/resource
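Review bot: The parenthetical `(only basic auth support)` in the new API_Metrics docstring (hunk at -629) is ambiguous: it can be read as saying the endpoint itself accepts basic auth, right after the sentence says it takes no authentication. The docstring also never names the `enable_prometheus` switch this commit adds, so a reader of the API description is warned about the exposure but not told how to remove it. If the intended meaning is that Prometheus is the limiting side, wording such as `with Prometheus compatibility (Prometheus itself only offers basic auth). Restrict this endpoint to` / `trusted networks, or disable it with the enable_prometheus subsystem option.` says both things. The same text is repeated in the hunks at -666, -700, -736 and -770, and each docstring begins outside its hunk.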
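Review bot: The `if config["enable_prometheus"]:` guard at the `/metrics` registration (hunk at -657) is repeated verbatim at the four other metrics routes (hunks at -691, -725, -759 and -793), and none of them carries a comment saying why these routes are gated. Since this guard is the only control on routes that are otherwise unauthenticated, a metrics resource added later can be registered without it and nothing will look wrong. A single table-driven registration placed after the last metrics class keeps the gate in one place; this assumes all five classes are defined before that point, which the hunks suggest but do not show in full. The class bodies begin outside these hunks.

```python
# The metrics resources take no authentication (see their docstrings), so they
# are registered only when the operator has enabled them.
if config["enable_prometheus"]:
    for resource, route in (
        (API_Metrics, "/metrics"),
        (API_Metrics_Health, "/metrics/health"),
        (API_Metrics_Resource, "/metrics/resource"),
        (API_Metrics_Ceph, "/metrics/ceph"),
        (API_Metrics_Zookeeper, "/metrics/zookeeper"),
    ):
        api.add_resource(resource, route)
```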
@@ -700,8 +704,9 @@ class API_Metrics_Resource(Resource):
 """
 Return the current PVC cluster resource utilizations in Prometheus-compatible metrics format
- Endpoint is unauthenticated to allow metrics exfiltration without having to deal
- with the Prometheus compatibility later.
+ Endpoint is UNAUTHENTICATED to allow metrics exfiltration without having to deal
+ with Prometheus compatibility (only basic auth support). Ensure this API endpoint
+ is only opened to trusted networks that cannot abuse the data provided!
 ---
 tags:
 - root
@@ -725,7 +730,8 @@ class API_Metrics_Resource(Resource):
 return response
-api.add_resource(API_Metrics_Resource, "/metrics/resource")
+if config["enable_prometheus"]:
+ api.add_resource(API_Metrics_Resource, "/metrics/resource")
 # /metrics/ceph
@@ -736,6 +742,10 @@ class API_Metrics_Ceph(Resource):
 Proxies a metrics request to the current active MGR, since this is dynamic and can't be controlled by PVC easily.
+
+ Endpoint is UNAUTHENTICATED to allow metrics exfiltration without having to deal
+ with Prometheus compatibility (only basic auth support). Ensure this API endpoint
+ is only opened to trusted networks that cannot abuse the data provided!
 ---
 tags:
 - root
@@ -759,7 +769,8 @@ class API_Metrics_Ceph(Resource):
 return response
-api.add_resource(API_Metrics_Ceph, "/metrics/ceph")
+if config["enable_prometheus"]:
+ api.add_resource(API_Metrics_Ceph, "/metrics/ceph")
 # /metrics/zookeeper
@@ -770,6 +781,10 @@ class API_Metrics_Zookeeper(Resource):
 Proxies a metrics request to the current primary node, since all coordinators run an active Zookeeper instance and we want one central location.
+
+ Endpoint is UNAUTHENTICATED to allow metrics exfiltration without having to deal
+ with Prometheus compatibility (only basic auth support). Ensure this API endpoint
+ is only opened to trusted networks that cannot abuse the data provided!
 ---
 tags:
 - root
@@ -793,7 +808,8 @@ class API_Metrics_Zookeeper(Resource):
 return response
-api.add_resource(API_Metrics_Zookeeper, "/metrics/zookeeper")
+if config["enable_prometheus"]:
+ api.add_resource(API_Metrics_Zookeeper, "/metrics/zookeeper")
 # /faults
diff --git a/daemon-common/config.py b/daemon-common/config.py
index 8ebde8e9..8222439d 100644
--- a/daemon-common/config.py
+++ b/daemon-common/config.py
@@ -176,6 +176,7 @@ def get_parsed_configuration(config_file):
 "enable_storage": o_subsystem.get("enable_storage", True),
 "enable_worker": o_subsystem.get("enable_worker", True),
 "enable_api": o_subsystem.get("enable_api", True),
+ "enable_prometheus": o_subsystem.get("enable_prometheus", True),
 }
 config = {**config, **config_subsystem}
diff --git a/pvc.sample.conf b/pvc.sample.conf
index e4fb3e7b..7ac9b84e 100644
--- a/pvc.sample.conf
+++ b/pvc.sample.conf
@@ -44,6 +44,9 @@ subsystem:
 # Enable or disable the API client, if installed, when node is Primary
 enable_api: yes
+ # Enable or disable the Prometheus metrics endpoints in the API; if disabled, these return 404
+ enable_prometheus: yes
+
 # Cluster configuration
 cluster:
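Review bot: The fallback in `o_subsystem.get("enable_prometheus", True)` (daemon-common/config.py hunk) keeps the unauthenticated metrics routes registered on every node whose configuration file predates this key, so an upgrade changes nothing until the operator edits the file. If the switch is meant as a hardening control, a fail-closed fallback would be `"enable_prometheus": o_subsystem.get("enable_prometheus", False),`. If default-on is kept so existing scrapers continue to work, a comment on this line should say so, for example `# Defaults to on for existing Prometheus scrapers; the routes are unauthenticated.` The neighbouring subsystem keys also default to True, so the style is consistent, but this is the only one of them that the commit itself describes as unauthenticated. get_parsed_configuration starts and ends outside the hunk.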