diff --git a/cmd/control-heal-main.go b/cmd/control-heal-main.go
index f2a334cd6..43d29eea1 100644
--- a/cmd/control-heal-main.go
+++ b/cmd/control-heal-main.go
@@ -191,9 +191,19 @@ func healControl(ctx *cli.Context) {
 	parsedURL, err := url.Parse(ctx.Args().Get(0))
 	fatalIf(err, "Unable to parse URL %s", ctx.Args().Get(0))
 
+	accessKey := serverConfig.GetCredential().AccessKeyID
+	secretKey := serverConfig.GetCredential().SecretAccessKey
+	// Username and password specified in URL will override prior configuration
+	if parsedURL.User != nil {
+		accessKey = parsedURL.User.Username()
+		if key, set := parsedURL.User.Password(); set {
+			secretKey = key
+		}
+	}
+
 	authCfg := &authConfig{
-		accessKey:   serverConfig.GetCredential().AccessKeyID,
-		secretKey:   serverConfig.GetCredential().SecretAccessKey,
+		accessKey:   accessKey,
+		secretKey:   secretKey,
 		secureConn:  parsedURL.Scheme == "https",
 		address:     parsedURL.Host,
 		path:        path.Join(reservedBucket, controlPath),
diff --git a/cmd/control-lock-main.go b/cmd/control-lock-main.go
index e212de99b..4ef1e20ba 100644
--- a/cmd/control-lock-main.go
+++ b/cmd/control-lock-main.go
@@ -150,6 +150,16 @@ func lockControl(c *cli.Context) {
 	parsedURL, err := url.Parse(c.Args().Get(1))
 	fatalIf(err, "Unable to parse URL.")
 
+	accessKey := serverConfig.GetCredential().AccessKeyID
+	secretKey := serverConfig.GetCredential().SecretAccessKey
+	// Username and password specified in URL will override prior configuration
+	if parsedURL.User != nil {
+		accessKey = parsedURL.User.Username()
+		if key, set := parsedURL.User.Password(); set {
+			secretKey = key
+		}
+	}
+
 	// Parse older than string.
 	olderThanStr := c.String("older-than")
 	olderThan, err := time.ParseDuration(olderThanStr)
@@ -162,8 +172,8 @@ func lockControl(c *cli.Context) {
 	recursive := c.Bool("recursive")
 
 	authCfg := &authConfig{
-		accessKey:   serverConfig.GetCredential().AccessKeyID,
-		secretKey:   serverConfig.GetCredential().SecretAccessKey,
+		accessKey:   accessKey,
+		secretKey:   secretKey,
 		secureConn:  parsedURL.Scheme == "https",
 		address:     parsedURL.Host,
 		path:        path.Join(reservedBucket, controlPath),
diff --git a/cmd/control-service-main.go b/cmd/control-service-main.go
index 3e6fbfb52..253101eca 100644
--- a/cmd/control-service-main.go
+++ b/cmd/control-service-main.go
@@ -71,9 +71,19 @@ func serviceControl(c *cli.Context) {
 	parsedURL, err := url.Parse(c.Args().Get(1))
 	fatalIf(err, "Unable to parse URL %s", c.Args().Get(1))
 
+	accessKey := serverConfig.GetCredential().AccessKeyID
+	secretKey := serverConfig.GetCredential().SecretAccessKey
+	// Username and password specified in URL will override prior configuration
+	if parsedURL.User != nil {
+		accessKey = parsedURL.User.Username()
+		if key, set := parsedURL.User.Password(); set {
+			secretKey = key
+		}
+	}
+
 	authCfg := &authConfig{
-		accessKey:   serverConfig.GetCredential().AccessKeyID,
-		secretKey:   serverConfig.GetCredential().SecretAccessKey,
+		accessKey:   accessKey,
+		secretKey:   secretKey,
 		secureConn:  parsedURL.Scheme == "https",
 		address:     parsedURL.Host,
 		path:        path.Join(reservedBucket, controlPath),