diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7cdad22..f715cfe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,4 +16,3 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
           requests
         * Packages of architecture "any" are part of every architecture's
           database
-        * Bearer authentication for private routes
diff --git a/Cargo.lock b/Cargo.lock
index 804a3d1..d9c6efe 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -243,12 +243,6 @@ dependencies = [
  "rustc-demangle",
 ]
 
-[[package]]
-name = "base64"
-version = "0.20.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ea22880d78093b0cbe17c89f64a7d457941e65759157ec6cb31a31d652b05e5"
-
 [[package]]
 name = "base64"
 version = "0.21.2"
@@ -1768,7 +1762,7 @@ version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2"
 dependencies = [
- "base64 0.21.2",
+ "base64",
 ]
 
 [[package]]
@@ -2261,7 +2255,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ca69bf415b93b60b80dc8fda3cb4ef52b2336614d8da2de5456cc942a110482"
 dependencies = [
  "atoi",
- "base64 0.21.2",
+ "base64",
  "bigdecimal",
  "bitflags 2.3.3",
  "byteorder",
@@ -2308,7 +2302,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a0db2df1b8731c3651e204629dd55e52adbae0462fa1bdcbed56a2302c18181e"
 dependencies = [
  "atoi",
- "base64 0.21.2",
+ "base64",
  "bigdecimal",
  "bitflags 2.3.3",
  "byteorder",
@@ -2622,7 +2616,6 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a8bd22a874a2d0b70452d5597b12c537331d49060824a95f49f108994f94aa4c"
 dependencies = [
- "base64 0.20.0",
  "bitflags 2.3.3",
  "bytes",
  "futures-core",
diff --git a/server/Cargo.toml b/server/Cargo.toml
index bf4fd7f..c147eae 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -18,7 +18,7 @@ sha256 = "1.1.4"
 tokio = { version = "1.29.1", features = ["full"] }
 tokio-util = { version = "0.7.8", features = ["io"] }
 tower = { version = "0.4.13", features = ["make"] }
-tower-http = { version = "0.4.1", features = ["fs", "trace", "auth"] }
+tower-http = { version = "0.4.1", features = ["fs", "trace"] }
 tracing = "0.1.37"
 tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
 uuid = { version = "1.4.0", features = ["v4"] }
diff --git a/server/src/cli.rs b/server/src/cli.rs
index 8b160d5..0725e64 100644
--- a/server/src/cli.rs
+++ b/server/src/cli.rs
@@ -18,8 +18,6 @@ pub struct Cli {
     pub pkg_dir: PathBuf,
     /// Directory where repository metadata & SQLite database is stored
     pub data_dir: PathBuf,
-    /// API key to authenticate private routes with
-    pub api_key: String,
 
     /// Database connection URL; either sqlite:// or postgres://. Defaults to rieter.sqlite in the
     /// data directory
@@ -74,7 +72,6 @@ impl Cli {
             data_dir: self.data_dir.clone(),
             repo_dir: self.data_dir.join("repos"),
             pkg_dir: self.pkg_dir.clone(),
-            api_key: self.api_key.clone(),
         };
         let repo_manager = RepoGroupManager::new(&config.repo_dir, &self.pkg_dir);
 
@@ -87,7 +84,7 @@ impl Cli {
         // build our application with a single route
         let app = Router::new()
             .nest("/api", crate::api::router())
-            .merge(crate::repo::router(&self.api_key))
+            .merge(crate::repo::router())
             .with_state(global)
             .layer(TraceLayer::new_for_http());
 
diff --git a/server/src/main.rs b/server/src/main.rs
index c2b0eaf..e3dbf36 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -16,7 +16,6 @@ pub struct Config {
     data_dir: PathBuf,
     repo_dir: PathBuf,
     pkg_dir: PathBuf,
-    api_key: String,
 }
 
 #[derive(Clone)]
diff --git a/server/src/repo/mod.rs b/server/src/repo/mod.rs
index 2bad3d5..0a28969 100644
--- a/server/src/repo/mod.rs
+++ b/server/src/repo/mod.rs
@@ -17,28 +17,15 @@ use std::sync::Arc;
 use tokio::{fs, io::AsyncWriteExt};
 use tower::util::ServiceExt;
 use tower_http::services::{ServeDir, ServeFile};
-use tower_http::validate_request::ValidateRequestHeaderLayer;
 use uuid::Uuid;
 
-pub fn router(api_key: &str) -> Router<crate::Global> {
+pub fn router() -> Router<crate::Global> {
     Router::new()
-        .route(
-            "/:repo",
-            post(post_package_archive)
-                .delete(delete_repo)
-                .route_layer(ValidateRequestHeaderLayer::bearer(api_key)),
-        )
-        .route(
-            "/:repo/:arch",
-            delete(delete_arch_repo).route_layer(ValidateRequestHeaderLayer::bearer(api_key)),
-        )
-        // Routes added after the layer do not get that layer applied, so the GET requests will not
-        // be authorized
+        .route("/:repo", post(post_package_archive).delete(delete_repo))
+        .route("/:repo/:arch", delete(delete_arch_repo))
         .route(
             "/:repo/:arch/:filename",
-            delete(delete_package)
-                .route_layer(ValidateRequestHeaderLayer::bearer(api_key))
-                .get(get_file),
+            delete(delete_package).get(get_file),
         )
 }
 
@@ -70,8 +57,6 @@ async fn post_package_archive(
     match res {
         // Insert the newly added package into the database
         Ok(pkg) => {
-            tracing::info!("Added '{}' to repository '{}'", pkg.file_name(), repo);
-
             // Query the repo for its ID, or create it if it does not already exist
             let repo_entity = db_repo::Entity::find()
                 .filter(db_repo::Column::Name.eq(&repo))
@@ -165,14 +150,10 @@ async fn delete_repo(
 ) -> crate::Result<StatusCode> {
     let clone = Arc::clone(&global.repo_manager);
 
-    let repo_clone = repo.clone();
     let repo_removed =
-        tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo_clone))
-            .await??;
+        tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo(&repo)).await??;
 
     if repo_removed {
-        tracing::info!("Removed repository '{}'", repo);
-
         Ok(StatusCode::OK)
     } else {
         Ok(StatusCode::NOT_FOUND)
@@ -185,14 +166,11 @@ async fn delete_arch_repo(
 ) -> crate::Result<StatusCode> {
     let clone = Arc::clone(&global.repo_manager);
 
-    let log = format!("Removed architecture '{}' from repository '{}'", arch, repo);
     let repo_removed =
         tokio::task::spawn_blocking(move || clone.write().unwrap().remove_repo_arch(&repo, &arch))
             .await??;
 
     if repo_removed {
-        tracing::info!(log);
-
         Ok(StatusCode::OK)
     } else {
         Ok(StatusCode::NOT_FOUND)
@@ -212,7 +190,6 @@ async fn delete_package(
     }
 
     let name = name_parts[..name_parts.len() - 3].join("-");
-    let log = format!("Removed '{}' from repository '{}'", file_name, repo);
 
     let clone = Arc::clone(&global.repo_manager);
 
@@ -222,8 +199,6 @@ async fn delete_package(
     .await??;
 
     if pkg_removed {
-        tracing::info!(log);
-
         Ok(StatusCode::OK)
     } else {
         Ok(StatusCode::NOT_FOUND)