diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 6d644ceef5a0eea50bc01a30f569a09359bd0bda..840c8796f82c76d26cf8ff6cc50e0a71007c8bf4 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -20,6 +20,10 @@ bin_dir: /usr/local/bin
 ## This may be the case if clients support and loadbalance multiple etcd servers  natively.
 #etcd_multiaccess: true
 
+### ETCD: disable peer client cert authentication.
+# This affects ETCD_PEER_CLIENT_CERT_AUTH variable
+#etcd_peer_client_auth: true
+
 ## External LB example config
 ## apiserver_loadbalancer_domain_name: "elb.some.domain"
 #loadbalancer_apiserver:
diff --git a/roles/etcd/defaults/main.yml b/roles/etcd/defaults/main.yml
index 3029409af0515f3c72433c18b8b2f8a14aa15e9a..f394e41aab672f64f7b2443d833d9403be59287d 100644
--- a/roles/etcd/defaults/main.yml
+++ b/roles/etcd/defaults/main.yml
@@ -40,3 +40,6 @@ etcd_vault_mount_path: etcd
 
 # Force clients like etcdctl to use TLS certs (different than peer security)
 etcd_secure_client: true
+
+# Enable peer client cert authentication
+etcd_peer_client_auth: true
diff --git a/roles/etcd/templates/etcd.env.j2 b/roles/etcd/templates/etcd.env.j2
index 5f14d05b6e7e5af0d06d24788b9fc178767c9a8b..6a917d127a3add8da3efcd8a9fb172102d86bccb 100644
--- a/roles/etcd/templates/etcd.env.j2
+++ b/roles/etcd/templates/etcd.env.j2
@@ -23,4 +23,4 @@ ETCD_CLIENT_CERT_AUTH={{ etcd_secure_client | lower}}
 ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
 ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
 ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
-ETCD_PEER_CLIENT_CERT_AUTH=true
+ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}