diff --git a/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityConfig.java b/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityConfig.java
index 76ee08a2f9140..21ca75da9dfa5 100644
--- a/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityConfig.java
+++ b/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityConfig.java
@@ -34,4 +34,25 @@ public interface SecurityConfig {
 */
 @ConfigDocMapKey("provider-name")
 Map securityProviderConfig();
+
+ /**
+ * If set to true, access to all methods of beans that have any security annotations on other members will be denied by
+ * default.
+ * E.g. if enabled, in the following bean, methodB will be denied.
+ *
+ *
+     *   @ApplicationScoped
+     *   public class A {
+     *      @RolesAllowed("admin")
+     *      public void methodA() {
+     *          ...
+     *      }
+     *      public void methodB() {
+     *          ...
+     *      }
+     *   }
+     * 
+ */
+ @WithDefault("false")
+ boolean denyUnannotatedMembers();
 }
diff --git a/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java b/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java
index bd5b9bcf607e4..62b0f6b5e0372 100644
--- a/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java
+++ b/extensions/security/deployment/src/main/java/io/quarkus/security/deployment/SecurityProcessor.java
@@ -109,7 +109,6 @@
 import io.quarkus.security.runtime.IdentityProviderManagerCreator;
 import io.quarkus.security.runtime.QuarkusPermissionSecurityIdentityAugmentor;
 import io.quarkus.security.runtime.QuarkusSecurityRolesAllowedConfigBuilder;
-import io.quarkus.security.runtime.SecurityBuildTimeConfig;
 import io.quarkus.security.runtime.SecurityCheckRecorder;
 import io.quarkus.security.runtime.SecurityIdentityAssociation;
 import io.quarkus.security.runtime.SecurityIdentityProxy;
@@ -550,9 +549,8 @@ void transformAdditionalSecuredClassesToMethods(List transformers,
- List additionalSecuredMethods,
- SecurityBuildTimeConfig config) {
- if (config.denyUnannotated()) {
+ List additionalSecuredMethods) {
+ if (security.denyUnannotatedMembers()) {
 transformers.produce(new AnnotationsTransformerBuildItem(AnnotationTransformation
 .forClasses()
 .whenClass(new DenyUnannotatedPredicate())
@@ -747,7 +745,7 @@ MethodSecurityChecks gatherSecurityChecks(
 BuildProducer classSecurityCheckStorageProducer,
 List registerClassSecurityCheckBuildItems,
 BuildProducer reflectiveClassBuildItemBuildProducer,
- List additionalSecurityChecks, SecurityBuildTimeConfig config,
+ List additionalSecurityChecks,
 PermissionSecurityChecksBuilderBuildItem permissionSecurityChecksBuilderBuildItem,
 BuildProducer generatedClassesProducer,
 BuildProducer reflectiveClassesProducer) {
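Review bot: In `SecurityConfig`, `boolean denyUnannotatedMembers();` now takes its property key only from the method name, whereas the deleted `SecurityBuildTimeConfig` pinned it with `@WithName("deny-unannotated-members")`. Because the default is `false`, a later rename of the method would change the key, and a deployment still setting the old key would fall back to leaving unannotated methods such as `methodB` without a check; keeping `@WithName("deny-unannotated-members")` above `@WithDefault("false")` makes the key explicit (the import for `WithName` would sit outside this hunk). The deleted interface was declared `ConfigPhase.BUILD_AND_RUN_TIME_FIXED` in the runtime module, while the `@ConfigRoot` of `SecurityConfig` is not visible here, so it is worth confirming that the phase is intended and that no runtime code or other extension still needs the removed type.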
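Review bot: `security.denyUnannotatedMembers()` is read at the `if` in the `@@ -550` hunk and again in the `gatherSecurityAnnotations` call of the `@@ -765` hunk, and `security` is declared in neither, so the patch alone does not show that both build steps see the same `SecurityConfig` mapping. Presumably the annotation transformer and the check gathering have to agree on this flag for unannotated methods to be denied consistently; a short comment at the `if`, such as `// build-time flag; gatherSecurityChecks must read the same value`, would record that. No test is part of the visible change, so a build with `quarkus.security.deny-unannotated-members=true` asserting that the unannotated method is denied would confirm the move kept the behaviour. The enclosing method starts before and ends after the hunk.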
@@ -765,7 +763,7 @@ MethodSecurityChecks gatherSecurityChecks(
 IndexView index = beanArchiveBuildItem.getIndex();
 Map securityChecks = gatherSecurityAnnotations(index, configExpSecurityCheckProducer,
- additionalSecured.values(), config.denyUnannotated(), recorder, configBuilderProducer,
+ additionalSecured.values(), security.denyUnannotatedMembers(), recorder, configBuilderProducer,
 reflectiveClassBuildItemBuildProducer, rolesAllowedConfigExpResolverBuildItems, registerClassSecurityCheckBuildItems, classSecurityCheckStorageProducer, hasAdditionalSecAnn, additionalSecurityAnnotationItems, permissionSecurityChecksBuilderBuildItem.instance,
diff --git a/extensions/security/runtime/src/main/java/io/quarkus/security/runtime/SecurityBuildTimeConfig.java b/extensions/security/runtime/src/main/java/io/quarkus/security/runtime/SecurityBuildTimeConfig.java
deleted file mode 100644
index a44a306be1a3d..0000000000000
--- a/extensions/security/runtime/src/main/java/io/quarkus/security/runtime/SecurityBuildTimeConfig.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package io.quarkus.security.runtime;
-
-import io.quarkus.runtime.annotations.ConfigPhase;
-import io.quarkus.runtime.annotations.ConfigRoot;
-import io.smallrye.config.ConfigMapping;
-import io.smallrye.config.WithDefault;
-import io.smallrye.config.WithName;
-
-/**
- * @author Michal Szynkiewicz, michal.l.szynkiewicz@gmail.com
- */
-@ConfigMapping(prefix = "quarkus.security")
-@ConfigRoot(phase = ConfigPhase.BUILD_AND_RUN_TIME_FIXED)
-public interface SecurityBuildTimeConfig {
- /**
- * If set to true, access to all methods of beans that have any security annotations on other members will be denied by
- * default.
- * E.g. if enabled, in the following bean, methodB will be denied.
- *
- *
-     *   @ApplicationScoped
-     *   public class A {
-     *      @RolesAllowed("admin")
-     *      public void methodA() {
-     *          ...
-     *      }
-     *      public void methodB() {
-     *          ...
-     *      }
-     *   }
-     * 
- */
- @WithName("deny-unannotated-members")
- @WithDefault("false")
- boolean denyUnannotated();
-
-}