diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index 4c874a4..21e99bc 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -31,6 +31,45 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Generate a random token if not set.
+*/}}
+{{- define "nacos.auth.token" -}}
+{{- if .Values.nacos.auth.enable}}
+    {{- if not (empty .Values.nacos.auth.token) }}
+        {{- .Values.nacos.auth.token -}}
+    {{- else -}}
+        {{- randAlphaNum 64 -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate a random identity key if not set.
+*/}}
+{{- define "nacos.auth.identityKey" -}}
+{{- if .Values.nacos.auth.enable}}
+    {{- if not (empty .Values.nacos.auth.identityKey) }}
+        {{- .Values.nacos.auth.identityKey -}}
+    {{- else -}}
+        {{- randAlphaNum 16  -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate a random identity value if not set.
+*/}}
+{{- define "nacos.auth.identityValue" -}}
+{{- if .Values.nacos.auth.enable}}
+    {{- if not (empty .Values.nacos.auth.identityValue) }}
+        {{- .Values.nacos.auth.identityValue -}}
+    {{- else -}}
+        {{- randAlphaNum 16  -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Common labels
 */}}
diff --git a/helm/templates/statefulset.yaml b/helm/templates/statefulset.yaml
index 854ad2a..bc7ae1d 100644
--- a/helm/templates/statefulset.yaml
+++ b/helm/templates/statefulset.yaml
@@ -103,6 +103,16 @@ spec:
                   apiVersion: v1
                   fieldPath: metadata.namespace
             {{- end }}
+            {{- if .Values.nacos.auth.enable }}
+            - name: NACOS_AUTH_ENABLE
+              value: "true"
+            - name: NACOS_AUTH_TOKEN
+              value: {{ include "nacos.auth.token" . | quote }}
+            - name: NACOS_AUTH_IDENTITY_KEY
+              value: {{ include "nacos.auth.identityKey" . | quote }}
+            - name: NACOS_AUTH_IDENTITY_VALUE
+              value: {{ include "nacos.auth.identityValue" . | quote }}
+            {{- end }}
             {{- if eq .Values.nacos.storage.type "mysql" }}
             - name: SPRING_DATASOURCE_PLATFORM
               value: "mysql"
diff --git a/helm/values.yaml b/helm/values.yaml
index 08f8a20..2c24ff6 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -24,6 +24,14 @@ nacos:
   domainName: cluster.local
   preferhostmode: hostname
   serverPort: 8848
+  auth:
+    enable: false
+    ## if not set, generate a random token
+    token: ""
+    ## if not set, generate a random key
+    identityKey: ""
+    ## if not set, generate a random value
+    identityValue: ""
   health:
     enabled: false
   storage: