diff --git a/src/main/kotlin/kr/io/team/loop/common/config/SecurityConfig.kt b/src/main/kotlin/kr/io/team/loop/common/config/SecurityConfig.kt
index 2b19706..34cc1f6 100644
--- a/src/main/kotlin/kr/io/team/loop/common/config/SecurityConfig.kt
+++ b/src/main/kotlin/kr/io/team/loop/common/config/SecurityConfig.kt
@@ -26,6 +26,7 @@ class SecurityConfig {
                 authorize("/graphql", permitAll)
                 authorize("/h2-console/**", permitAll)
                 authorize("/actuator/health/**", permitAll)
+                authorize("/actuator/prometheus", permitAll)
                 authorize(anyRequest, authenticated)
             }
             headers {
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 993cc83..9ad9440 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -12,6 +12,10 @@ spring:
         generate-ddl: false
 
 management:
+    endpoints:
+        web:
+            exposure:
+                include: health, prometheus
     endpoint:
         health:
             probes: