diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md
index 989a1f273b0..acce19eba16 100644
--- a/NEXT_CHANGELOG.md
+++ b/NEXT_CHANGELOG.md
@@ -8,6 +8,7 @@
 * `workspace export-dir` no longer aborts when a workspace object's name is not a legal local filename (e.g. a notebook named `New Notebook 2026-05-04 13:54:24` whose `:` is illegal on Windows). Such files are now exported under a sanitized name with a warning and the export completes ([#5171](https://github.com/databricks/cli/issues/5171)).
 * `ssh connect` now opens an interactive `bash` login shell by default instead of the compute image's default `/bin/sh`, falling back gracefully when `bash` is unavailable. Passing an explicit remote command (`-- <cmd>`) is unaffected ([#5687](https://github.com/databricks/cli/pull/5687)).
 * `ssh connect` interactive sessions now start in the user's workspace home folder (`/Workspace/Users/<email>`) instead of the OS home directory, falling back to the OS home when that folder is unavailable ([#5688](https://github.com/databricks/cli/pull/5688)).
+* An explicitly selected profile (the `--profile` flag or a bundle's `workspace.profile`) now takes precedence over authentication environment variables (`DATABRICKS_HOST`, `DATABRICKS_TOKEN`, etc.). Previously these env vars silently shadowed the selected profile's host and credentials. Environment variables still fill auth fields the profile leaves empty (e.g. a host-only profile combined with `DATABRICKS_TOKEN`). A profile picked up from `DATABRICKS_CONFIG_PROFILE` keeps the SDK's default env-first precedence ([#5096](https://github.com/databricks/cli/issues/5096)).
 
 ### Bundles
 * Add documentation for the common bundle resource fields `permissions`, `lifecycle`, and `grants` in the JSON schema, so they surface in editor completions and the docs.
diff --git a/acceptance/cmd/auth/describe/profile-overrides-env/out.test.toml b/acceptance/cmd/auth/describe/profile-overrides-env/out.test.toml
new file mode 100644
index 00000000000..f784a183258
--- /dev/null
+++ b/acceptance/cmd/auth/describe/profile-overrides-env/out.test.toml
@@ -0,0 +1,3 @@
+Local = true
+Cloud = false
+EnvMatrix.DATABRICKS_BUNDLE_ENGINE = ["terraform", "direct"]
diff --git a/acceptance/cmd/auth/describe/profile-overrides-env/output.txt b/acceptance/cmd/auth/describe/profile-overrides-env/output.txt
new file mode 100644
index 00000000000..60872b97469
--- /dev/null
+++ b/acceptance/cmd/auth/describe/profile-overrides-env/output.txt
@@ -0,0 +1,36 @@
+
+=== Describe with --profile overrides auth env vars (#5096)
+
+>>> [CLI] auth describe --profile my-workspace
+Host: [DATABRICKS_URL]
+User: [USERNAME]
+Authenticated with: pat
+-----
+Current configuration:
+  ✓ host: [DATABRICKS_URL] (from [TEST_TMP_DIR]/home/.databrickscfg config file)
+  ✓ workspace_id: [NUMID]
+  ✓ token: ******** (from [TEST_TMP_DIR]/home/.databrickscfg config file)
+  ✓ profile: my-workspace (from --profile flag)
+  ✓ databricks_cli_path: [CLI]
+  ✓ auth_type: pat
+  ✓ rate_limit: [NUMID] (from DATABRICKS_RATE_LIMIT environment variable)
+  ✓ cloud: AWS
+  ✓ discovery_url: [DATABRICKS_URL]/oidc/.well-known/oauth-authorization-server
+
+=== Describe with a host-only --profile fills the token from the environment (#5096)
+
+>>> [CLI] auth describe --profile host-only
+Host: [DATABRICKS_URL]
+User: [USERNAME]
+Authenticated with: pat
+-----
+Current configuration:
+  ✓ host: [DATABRICKS_URL] (from [TEST_TMP_DIR]/home/.databrickscfg config file)
+  ✓ workspace_id: [NUMID]
+  ✓ token: ******** (from DATABRICKS_TOKEN environment variable)
+  ✓ profile: host-only (from --profile flag)
+  ✓ databricks_cli_path: [CLI]
+  ✓ auth_type: pat
+  ✓ rate_limit: [NUMID] (from DATABRICKS_RATE_LIMIT environment variable)
+  ✓ cloud: AWS
+  ✓ discovery_url: [DATABRICKS_URL]/oidc/.well-known/oauth-authorization-server
diff --git a/acceptance/cmd/auth/describe/profile-overrides-env/script b/acceptance/cmd/auth/describe/profile-overrides-env/script
new file mode 100644
index 00000000000..2a675a673da
--- /dev/null
+++ b/acceptance/cmd/auth/describe/profile-overrides-env/script
@@ -0,0 +1,26 @@
+sethome "./home"
+
+# A profile carries full credentials; a second profile carries only a host.
+cat > "./home/.databrickscfg" <<EOF
+[my-workspace]
+host  = $DATABRICKS_HOST
+token = $DATABRICKS_TOKEN
+
+[host-only]
+host  = $DATABRICKS_HOST
+EOF
+
+# direnv-style auth env vars pointing at a different (dev) workspace. Before the
+# fix for #5096 these shadowed the profile selected with --profile.
+real_token=$DATABRICKS_TOKEN
+export DATABRICKS_HOST=https://dev.cloud.databricks.test
+export DATABRICKS_TOKEN=dev-token
+
+title "Describe with --profile overrides auth env vars (#5096)\n"
+trace $CLI auth describe --profile my-workspace
+
+# A host-only profile relies on the environment for the credential: the profile
+# must win for the host, but the env must still fill the token it omits (#5096).
+export DATABRICKS_TOKEN=$real_token
+title "Describe with a host-only --profile fills the token from the environment (#5096)\n"
+trace $CLI auth describe --profile host-only
diff --git a/acceptance/cmd/auth/describe/profile-overrides-env/test.toml b/acceptance/cmd/auth/describe/profile-overrides-env/test.toml
new file mode 100644
index 00000000000..36c0e7e237b
--- /dev/null
+++ b/acceptance/cmd/auth/describe/profile-overrides-env/test.toml
@@ -0,0 +1,3 @@
+Ignore = [
+    "home"
+]
diff --git a/bundle/config/workspace.go b/bundle/config/workspace.go
index 1300a87a78c..2f9e52149b5 100644
--- a/bundle/config/workspace.go
+++ b/bundle/config/workspace.go
@@ -176,9 +176,18 @@ func (w *Workspace) Client(ctx context.Context) (*databricks.WorkspaceClient, er
 
 	cfg := w.Config(ctx)
 
-	// If only the host is configured, we try and unambiguously match it to
-	// a profile in the user's databrickscfg file. Override the default loaders.
-	if w.Host != "" && w.Profile == "" {
+	switch {
+	case w.Profile != "":
+		// An explicit profile (from --profile or workspace.profile) must take
+		// precedence over auth environment variables; see
+		// databrickscfg.ProfileAuthLoaders (#5096). When the bundle sets both
+		// host and profile the profile now wins for auth, and the
+		// ValidateConfigAndProfileHost check below still enforces that the
+		// bundle host matches the profile host.
+		cfg.Loaders = databrickscfg.ProfileAuthLoaders
+	case w.Host != "":
+		// If only the host is configured, we try and unambiguously match it to
+		// a profile in the user's databrickscfg file. Override the default loaders.
 		cfg.Loaders = []config.Loader{
 			// Load auth creds from env vars
 			config.ConfigAttributes,
diff --git a/bundle/config/workspace_test.go b/bundle/config/workspace_test.go
index b1898db77c8..724137f33f8 100644
--- a/bundle/config/workspace_test.go
+++ b/bundle/config/workspace_test.go
@@ -155,6 +155,54 @@ func TestWorkspaceClientNormalizesHostBeforeProfileResolution(t *testing.T) {
 	assert.Equal(t, "ws2", client.Config.Profile)
 }
 
+func TestWorkspaceClientProfileOverridesAuthEnv(t *testing.T) {
+	// An explicit profile (from --profile or workspace.profile) must win over
+	// authentication environment variables, mirroring MustWorkspaceClient.
+	// See https://github.com/databricks/cli/issues/5096.
+	setupWorkspaceTest(t)
+
+	err := databrickscfg.SaveToProfile(t.Context(), &config.Config{
+		Profile: "tst",
+		Host:    "https://tst.cloud.databricks.test",
+		Token:   "tst-token",
+	})
+	require.NoError(t, err)
+
+	// direnv-style auth env vars pointing at a different (dev) workspace.
+	t.Setenv("DATABRICKS_HOST", "https://dev.cloud.databricks.test")
+	t.Setenv("DATABRICKS_TOKEN", "dev-token")
+
+	w := Workspace{Profile: "tst"}
+	client, err := w.Client(t.Context())
+	require.NoError(t, err)
+	assert.Equal(t, "tst", client.Config.Profile)
+	assert.Equal(t, "https://tst.cloud.databricks.test", client.Config.Host)
+	assert.Equal(t, "tst-token", client.Config.Token)
+}
+
+func TestWorkspaceClientProfileFillsAuthFromEnv(t *testing.T) {
+	// A host-only profile relies on the environment for credentials. The profile
+	// must take precedence for the host, but the env must still fill the token
+	// the profile does not provide (#5096).
+	setupWorkspaceTest(t)
+
+	err := databrickscfg.SaveToProfile(t.Context(), &config.Config{
+		Profile: "host-only",
+		Host:    "https://tst.cloud.databricks.test",
+	})
+	require.NoError(t, err)
+
+	t.Setenv("DATABRICKS_TOKEN", "env-token")
+
+	w := Workspace{Profile: "host-only"}
+	client, err := w.Client(t.Context())
+	require.NoError(t, err)
+	assert.Equal(t, "host-only", client.Config.Profile)
+	assert.Equal(t, "https://tst.cloud.databricks.test", client.Config.Host)
+	// The token is not in the profile, so it is filled from the environment.
+	assert.Equal(t, "env-token", client.Config.Token)
+}
+
 func TestWorkspaceConfigHTTPTimeout(t *testing.T) {
 	for _, tc := range []struct {
 		envVal string
diff --git a/cmd/root/auth.go b/cmd/root/auth.go
index 84c09e8a7ec..2d4b4cba324 100644
--- a/cmd/root/auth.go
+++ b/cmd/root/auth.go
@@ -195,15 +195,22 @@ func MustAnyClient(cmd *cobra.Command, args []string) (bool, error) {
 
 func MustAccountClient(cmd *cobra.Command, args []string) error {
 	cfg := &config.Config{}
+	ctx := cmd.Context()
 
 	// The command-line profile flag takes precedence over DATABRICKS_CONFIG_PROFILE.
 	pr, hasProfileFlag := profileFlagValue(cmd)
 	if hasProfileFlag {
 		cfg.Profile = pr
+		// An explicit --profile takes precedence over auth environment
+		// variables; see databrickscfg.ProfileAuthLoaders (#5096). We also skip
+		// NormalizeDatabricksConfigFromEnv here: with --profile the host comes
+		// from the profile, not from DATABRICKS_HOST, so promoting that env
+		// var's ?o=/?a= query params would be wrong.
+		cfg.Loaders = databrickscfg.ProfileAuthLoaders
+	} else {
+		auth.NormalizeDatabricksConfigFromEnv(ctx, cfg)
 	}
 
-	ctx := cmd.Context()
-	auth.NormalizeDatabricksConfigFromEnv(ctx, cfg)
 	ctx = cmdctx.SetConfigUsed(ctx, cfg)
 	cmd.SetContext(ctx)
 
@@ -324,9 +331,18 @@ func MustWorkspaceClient(cmd *cobra.Command, args []string) error {
 	profile, hasProfileFlag := profileFlagValue(cmd)
 	if hasProfileFlag {
 		cfg.Profile = profile
+		// An explicit --profile takes precedence over auth environment
+		// variables; see databrickscfg.ProfileAuthLoaders (#5096). We also skip
+		// NormalizeDatabricksConfigFromEnv here: with --profile the host comes
+		// from the profile, not from DATABRICKS_HOST, so promoting that env
+		// var's ?o=/?a= query params would be wrong. The one edge this drops is
+		// a host-less profile combined with a SPOG-style DATABRICKS_HOST
+		// (https://host/?o=123): the workspace_id is no longer extracted from
+		// the query, an accepted trade-off for that unusual combination.
+		cfg.Loaders = databrickscfg.ProfileAuthLoaders
+	} else {
+		auth.NormalizeDatabricksConfigFromEnv(ctx, cfg)
 	}
-
-	auth.NormalizeDatabricksConfigFromEnv(ctx, cfg)
 	resolveDefaultProfile(ctx, cfg)
 
 	_, isTargetFlagSet := targetFlagValue(cmd)
diff --git a/cmd/root/auth_test.go b/cmd/root/auth_test.go
index b2a85174098..8f4274521ea 100644
--- a/cmd/root/auth_test.go
+++ b/cmd/root/auth_test.go
@@ -442,6 +442,108 @@ token = flag-token
 	}
 }
 
+func TestMustWorkspaceClientProfileFlagOverridesAuthEnv(t *testing.T) {
+	testutil.CleanupEnvironment(t)
+
+	configFile := filepath.Join(t.TempDir(), ".databrickscfg")
+	err := os.WriteFile(configFile, []byte(`
+[tst-svc]
+host = https://tst.cloud.databricks.test
+token = tst-token
+`), 0o600)
+	require.NoError(t, err)
+
+	t.Setenv("DATABRICKS_CONFIG_FILE", configFile)
+	// direnv-style auth env vars pointing at a different (dev) workspace. Before
+	// the fix for #5096 these shadowed the profile selected with --profile.
+	t.Setenv("DATABRICKS_HOST", "https://dev.cloud.databricks.test")
+	t.Setenv("DATABRICKS_TOKEN", "dev-token")
+
+	ctx := cmdio.MockDiscard(t.Context())
+	ctx = SkipLoadBundle(ctx)
+	cmd := New(ctx)
+
+	err = cmd.Flag("profile").Value.Set("tst-svc")
+	require.NoError(t, err)
+
+	err = MustWorkspaceClient(cmd, []string{})
+	require.NoError(t, err)
+
+	w := cmdctx.WorkspaceClient(cmd.Context())
+	require.NotNil(t, w)
+	// The explicitly selected profile must win over the auth env vars.
+	assert.Equal(t, "tst-svc", w.Config.Profile)
+	assert.Equal(t, "https://tst.cloud.databricks.test", w.Config.Host)
+	assert.Equal(t, "tst-token", w.Config.Token)
+}
+
+func TestMustWorkspaceClientProfileFlagFillsAuthFromEnv(t *testing.T) {
+	testutil.CleanupEnvironment(t)
+
+	// A host-only profile relies on the environment for credentials. This is a
+	// common CI pattern: the host lives in .databrickscfg while DATABRICKS_TOKEN
+	// is injected by the runner. The profile must take precedence for the host,
+	// but the env must still fill the token the profile does not provide (#5096).
+	configFile := filepath.Join(t.TempDir(), ".databrickscfg")
+	err := os.WriteFile(configFile, []byte(`
+[host-only]
+host = https://tst.cloud.databricks.test
+`), 0o600)
+	require.NoError(t, err)
+
+	t.Setenv("DATABRICKS_CONFIG_FILE", configFile)
+	t.Setenv("DATABRICKS_TOKEN", "env-token")
+
+	ctx := cmdio.MockDiscard(t.Context())
+	ctx = SkipLoadBundle(ctx)
+	cmd := New(ctx)
+
+	err = cmd.Flag("profile").Value.Set("host-only")
+	require.NoError(t, err)
+
+	err = MustWorkspaceClient(cmd, []string{})
+	require.NoError(t, err)
+
+	w := cmdctx.WorkspaceClient(cmd.Context())
+	require.NotNil(t, w)
+	assert.Equal(t, "host-only", w.Config.Profile)
+	assert.Equal(t, "https://tst.cloud.databricks.test", w.Config.Host)
+	// The token is not in the profile, so it is filled from the environment.
+	assert.Equal(t, "env-token", w.Config.Token)
+}
+
+func TestMustAccountClientProfileFlagOverridesAuthEnv(t *testing.T) {
+	testutil.CleanupEnvironment(t)
+
+	configFile := filepath.Join(t.TempDir(), ".databrickscfg")
+	err := os.WriteFile(configFile, []byte(`
+[acc-tst]
+host = https://accounts.cloud.databricks.test
+account_id = 1111
+token = tst-token
+`), 0o600)
+	require.NoError(t, err)
+
+	t.Setenv("DATABRICKS_CONFIG_FILE", configFile)
+	// Auth env vars pointing at a different account host. The profile must win.
+	t.Setenv("DATABRICKS_HOST", "https://accounts.dev.databricks.test")
+	t.Setenv("DATABRICKS_TOKEN", "dev-token")
+
+	cmd := New(t.Context())
+	err = cmd.Flag("profile").Value.Set("acc-tst")
+	require.NoError(t, err)
+
+	err = MustAccountClient(cmd, []string{})
+	require.NoError(t, err)
+
+	a := cmdctx.AccountClient(cmd.Context())
+	require.NotNil(t, a)
+	// The explicitly selected profile must win over the auth env vars.
+	assert.Equal(t, "acc-tst", a.Config.Profile)
+	assert.Equal(t, "https://accounts.cloud.databricks.test", a.Config.Host)
+	assert.Equal(t, "tst-token", a.Config.Token)
+}
+
 func TestAccountClientOrPromptReturnsErrorForWrongHostType(t *testing.T) {
 	testutil.CleanupEnvironment(t)
 	t.Setenv("PATH", "")
diff --git a/libs/databrickscfg/loader.go b/libs/databrickscfg/loader.go
index 5d942b0b7c0..26318b57339 100644
--- a/libs/databrickscfg/loader.go
+++ b/libs/databrickscfg/loader.go
@@ -14,6 +14,53 @@ import (
 
 var ResolveProfileFromHost = profileFromHostLoader{}
 
+// ResolveNonAuthFromEnv reads configuration from environment variables, except
+// for the host and any authentication credential. It runs before the config
+// file loader when the user has explicitly selected a profile (via the
+// --profile flag or workspace.profile), so that the profile takes precedence
+// over auth environment variables.
+//
+// The SDK's default loader order is environment first, then config file, and a
+// loader never overwrites a field that is already set. As a result auth env
+// vars (DATABRICKS_HOST, DATABRICKS_TOKEN, ...) shadow the selected profile.
+// Skipping them here lets the subsequent config-file loader populate host and
+// auth from the profile instead. A trailing config.ConfigAttributes loader can
+// still fill auth fields the profile leaves empty (e.g. a host-only profile
+// combined with DATABRICKS_TOKEN). See
+// https://github.com/databricks/cli/issues/5096.
+var ResolveNonAuthFromEnv = nonAuthEnvLoader{}
+
+// ProfileAuthLoaders is the SDK loader chain to use when the user has
+// explicitly selected a profile (via the --profile flag or a bundle's
+// workspace.profile). It is the single source of truth for that precedence
+// rule; call sites should reference it rather than restating the rationale.
+//
+// The selected profile must determine the host, routing identifiers, and
+// authentication, taking precedence over the matching environment variables
+// (DATABRICKS_HOST, DATABRICKS_TOKEN, ...). The SDK's default chain reads the
+// environment before the config file and never overwrites an already-set
+// field, so the env vars would otherwise shadow the profile (issue #5096).
+//
+// Note: this intentionally only governs an explicitly selected profile. A
+// profile picked up from DATABRICKS_CONFIG_PROFILE keeps the SDK's default
+// env-first precedence; see the call sites in cmd/root for the rationale.
+//
+// The order matters:
+//  1. ResolveNonAuthFromEnv loads non-auth, non-routing attributes from the
+//     environment (e.g. cluster_id), preserving env-wins precedence for those.
+//  2. ConfigFile loads the selected profile, populating host, routing and auth.
+//  3. ConfigAttributes loads any remaining attributes from the environment,
+//     filling fields the profile did not provide (e.g. a host-only profile
+//     combined with DATABRICKS_TOKEN). It never overwrites a value the profile
+//     already set, so the profile still wins for #5096. This gap-fill is a
+//     deliberate, tested contract (host-only profiles are a common CI pattern
+//     where the credential is injected via the environment).
+var ProfileAuthLoaders = []config.Loader{
+	ResolveNonAuthFromEnv,
+	config.ConfigFile,
+	config.ConfigAttributes,
+}
+
 var errNoMatchingProfiles = errors.New("no matching config profiles found")
 
 type errMultipleProfiles []string
@@ -60,6 +107,79 @@ func findMatchingProfile(configFile *config.File, matcher func(*ini.Section) boo
 	return matching[0], nil
 }
 
+// nonAuthEnvSkipAttrs lists SDK config attribute names that nonAuthEnvLoader
+// must not read from the environment, beyond those caught by HasAuthAttribute.
+//
+// Criterion: an attribute belongs here if it identifies the target
+// workspace/account (host, routing IDs) or selects/steers the authentication
+// method, but the SDK does NOT tag it `auth:"..."` (so HasAuthAttribute can't
+// catch it). The SDK collapses an `auth:"-"` tag to an empty auth tag (marking
+// the field "internal"), which is why these auth-steering fields slip past
+// HasAuthAttribute and must be listed explicitly. Leaving any of them to the
+// environment would let the matching env var shadow the selected profile, the
+// same bug as #5096. Skipping here only changes precedence: the trailing
+// ConfigAttributes loader still fills any of these the profile leaves empty
+// from the environment (the same gap-fill host and credentials get).
+//
+//   - host: has no `auth` struct tag at all.
+//   - workspace_id (DATABRICKS_WORKSPACE_ID): routing identifier; a profile
+//     that sets it must win, or a stray env var routes the profile's
+//     credentials to a different workspace.
+//   - account_id (DATABRICKS_ACCOUNT_ID): account routing identifier, same
+//     reasoning as workspace_id.
+//   - auth_type (DATABRICKS_AUTH_TYPE): forces a specific auth method.
+//   - discovery_url (DATABRICKS_DISCOVERY_URL): redirects OIDC discovery.
+//   - audience (DATABRICKS_TOKEN_AUDIENCE): selects the token audience for
+//     OIDC/workload-identity flows.
+//   - cloud (DATABRICKS_CLOUD): steers cloud-specific auth (Azure/GCP/AWS).
+//
+// Non-auth env-backed attributes tagged `auth:"-"` (e.g. oauth_callback_port,
+// debug_headers, rate_limit) are intentionally NOT skipped: they don't change
+// which credentials authenticate the request or where it is routed, so
+// env-wins precedence is fine. TestNonAuthEnvSkipAttrsCoverSDKInternalEnvAttrs
+// guards that every auth-steering internal attribute stays classified across
+// SDK bumps.
+var nonAuthEnvSkipAttrs = map[string]bool{
+	"host":          true,
+	"workspace_id":  true,
+	"account_id":    true,
+	"auth_type":     true,
+	"discovery_url": true,
+	"audience":      true,
+	"cloud":         true,
+}
+
+type nonAuthEnvLoader struct{}
+
+func (nonAuthEnvLoader) Name() string {
+	return "environment (excluding auth)"
+}
+
+func (nonAuthEnvLoader) Configure(cfg *config.Config) error {
+	for _, attr := range config.ConfigAttributes {
+		// Leave the host and authentication settings for the config file
+		// (i.e. the selected profile) to provide.
+		if nonAuthEnvSkipAttrs[attr.Name] || attr.HasAuthAttribute() {
+			continue
+		}
+		// Match the SDK loader semantics: don't overwrite a value previously set.
+		if !attr.IsZero(cfg) {
+			continue
+		}
+		v, envName := attr.ReadEnv()
+		if v == "" {
+			continue
+		}
+		if err := attr.SetS(cfg, v); err != nil {
+			return err
+		}
+		// Record the source so `databricks auth describe` and debug output
+		// attribute the value to the environment, matching the SDK loader.
+		cfg.SetAttrSource(&attr, config.Source{Type: config.SourceEnv, Name: envName})
+	}
+	return nil
+}
+
 type profileFromHostLoader struct{}
 
 func (l profileFromHostLoader) Name() string {
diff --git a/libs/databrickscfg/loader_test.go b/libs/databrickscfg/loader_test.go
index 29d5ebfd1cc..77a0e59ecef 100644
--- a/libs/databrickscfg/loader_test.go
+++ b/libs/databrickscfg/loader_test.go
@@ -34,6 +34,73 @@ func TestLoaderSkipsExistingAuth(t *testing.T) {
 	assert.NoError(t, err)
 }
 
+func TestResolveNonAuthFromEnvSkipsHostAndAuth(t *testing.T) {
+	t.Setenv("DATABRICKS_HOST", "https://env.test")
+	t.Setenv("DATABRICKS_TOKEN", "env-token")
+	// auth_type, discovery_url, audience and cloud are tagged auth:"-" in the
+	// SDK, so HasAuthAttribute can't catch them; they steer authentication and
+	// must still be skipped (#5096).
+	t.Setenv("DATABRICKS_AUTH_TYPE", "oauth-m2m")
+	t.Setenv("DATABRICKS_DISCOVERY_URL", "https://discovery.env.test")
+	t.Setenv("DATABRICKS_TOKEN_AUDIENCE", "env-audience")
+	t.Setenv("DATABRICKS_CLOUD", "azure")
+	// workspace_id and account_id are routing identifiers; a profile that sets
+	// them must win, so they are skipped too (#5096).
+	t.Setenv("DATABRICKS_WORKSPACE_ID", "env-workspace")
+	t.Setenv("DATABRICKS_ACCOUNT_ID", "env-account")
+	t.Setenv("DATABRICKS_CLUSTER_ID", "env-cluster")
+
+	cfg := &config.Config{}
+	err := ResolveNonAuthFromEnv.Configure(cfg)
+	require.NoError(t, err)
+
+	// Host, routing and auth settings are left for the profile (config file) to set.
+	assert.Empty(t, cfg.Host)
+	assert.Empty(t, cfg.Token)
+	assert.Empty(t, cfg.AuthType)
+	assert.Empty(t, cfg.DiscoveryURL)
+	assert.Empty(t, cfg.TokenAudience)
+	assert.Empty(t, cfg.Cloud)
+	assert.Empty(t, cfg.WorkspaceID)
+	assert.Empty(t, cfg.AccountID)
+	// Non-auth attributes are still populated from the environment.
+	assert.Equal(t, "env-cluster", cfg.ClusterID)
+}
+
+// TestNonAuthEnvSkipAttrsCoverSDKInternalEnvAttrs guards against an SDK bump
+// silently re-introducing #5096. nonAuthEnvSkipAttrs and HasAuthAttribute
+// together must classify every env-backed attribute that steers authentication.
+// The dangerous category is attributes the SDK tags `auth:"-"` (Internal, so
+// HasAuthAttribute returns false) yet read from the environment: if the SDK
+// adds a new auth-steering one, it would shadow the selected profile again.
+//
+// Every Internal env-backed attribute must therefore be either skipped
+// (auth-steering) or listed below as a reviewed env-first attribute (it does
+// not change which credentials authenticate or where the request is routed).
+// A new SDK attribute fails this test until a human classifies it.
+func TestNonAuthEnvSkipAttrsCoverSDKInternalEnvAttrs(t *testing.T) {
+	knownEnvFirstInternal := map[string]bool{
+		"oauth_callback_port":         true,
+		"disable_oauth_refresh_token": true,
+		"debug_truncate_bytes":        true,
+		"debug_headers":               true,
+		"rate_limit":                  true,
+	}
+
+	for _, attr := range config.ConfigAttributes {
+		if !attr.Internal || len(attr.EnvVars) == 0 {
+			continue
+		}
+		if nonAuthEnvSkipAttrs[attr.Name] || knownEnvFirstInternal[attr.Name] {
+			continue
+		}
+		t.Errorf("SDK config attribute %q (env %v) is internal (auth:\"-\") but unclassified: "+
+			"add it to nonAuthEnvSkipAttrs if it steers auth/routing, or to "+
+			"knownEnvFirstInternal if env-first precedence is safe (#5096)",
+			attr.Name, attr.EnvVars)
+	}
+}
+
 func TestLoaderSkipsExplicitAuthType(t *testing.T) {
 	cfg := config.Config{
 		Loaders: []config.Loader{