diff --git a/docs/index.md b/docs/index.md
index 912ac5f..093434a 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -3,13 +3,13 @@
 page_title: "scylladbcloud Provider"
 subcategory: ""
 description: |-
-  
+
 ---
 
 # ScyllaDB Cloud Provider
 
 This provider allows you to manage [ScyllaDB Cloud](https://cloud.scylladb.com/) resources using Terraform.
-You must configure the provider with proper credentials before you can use it. See 
+You must configure the provider with proper credentials before you can use it. See
 [Obtaining an API Key](https://cloud.docs.scylladb.com/stable/api-docs/api-get-started.html#obtaining-an-api-key-beta) for instructions on getting an API access token.
 
 Use the navigation menu on the left to read about the available data sources and resources.
@@ -32,12 +32,16 @@ provider "scylladbcloud" {
 }
 ```
 
+### Environment Variables
+
+Authentication token can be provided by using the `SCYLLADB_CLOUD_TOKEN` environment variable.
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Required
 
-- `token` (String, Sensitive) Bearer token used to authenticate with the API.
+- `token` (String, Sensitive) Bearer token used to authenticate with the API. If not provided, the `SCYLLADB_CLOUD_TOKEN` environment variable is used.
 
 ### Optional
 
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 6ba3f03..601993e 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -3,6 +3,7 @@ package provider
 import (
 	"context"
 	"net/url"
+	"os"
 	"runtime"
 
 	"github.com/scylladb/terraform-provider-scylladbcloud/internal/provider/allowlistrule"
@@ -15,28 +16,45 @@ import (
 
 	"github.com/scylladb/terraform-provider-scylladbcloud/internal/scylla"
 
+	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
-var defaultEndpoint = &url.URL{
-	Scheme: "https",
-	Host:   "api.cloud.scylladb.com",
+var defaultEndpoint = "https://api.cloud.scylladb.com"
+
+func envToken() string {
+	return os.Getenv("SCYLLADB_CLOUD_TOKEN")
+}
+
+func envEndpoint() string {
+	return os.Getenv("SCYLLADB_CLOUD_ENDPOINT")
 }
 
-func New(_ context.Context) (*schema.Provider, error) {
+func New(context.Context) (*schema.Provider, error) {
 	p := &schema.Provider{
 		Schema: map[string]*schema.Schema{
 			"endpoint": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Default:     defaultEndpoint.String(),
+				Default:     nonempty(envEndpoint(), defaultEndpoint),
 				Description: "URL of the Scylla Cloud endpoint.",
 			},
 			"token": {
-				Type:        schema.TypeString,
-				Required:    true,
-				Sensitive:   true,
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+				Default:   envToken(),
+				ValidateDiagFunc: func(v any, _ cty.Path) diag.Diagnostics {
+					if tok, ok := v.(string); !ok || tok == "" {
+						return diag.Diagnostics{{
+							Severity: diag.Error,
+							Summary:  "token is required",
+							Detail:   "A token must be provided to authenticate with the Scylla Cloud API.",
+						}}
+					}
+					return nil
+				},
 				Description: "Bearer token used to authenticate with the API.",
 			},
 		},
@@ -101,3 +119,13 @@ func userAgent(tfVersion string) string {
 
 	return "Terraform/0.11+compatible (" + sysinfo + ")"
 }
+
+func nonempty[T comparable](t ...T) T {
+	var zero T
+	for _, v := range t {
+		if v != zero {
+			return v
+		}
+	}
+	return zero
+}