diff --git a/mqttserver/main.go b/mqttserver/main.go
index c7ff0e2724677d5b986ab5c850e526897f0e8251..f83948b8af78595bdeb4c73d63ae3741c8a8073f 100644
--- a/mqttserver/main.go
+++ b/mqttserver/main.go
@@ -12,7 +12,21 @@ import (
 func Start() {
 	server := mqtt.New(nil)
 
-	_ = server.AddHook(new(auth.AllowHook), nil)
+	if os.Getenv("MQTT_USERNAME") == "" {
+		_ = server.AddHook(new(auth.AllowHook), nil)
+	} else {
+		_ = server.AddHook(new(auth.Hook), &auth.Options{
+			Ledger: &auth.Ledger{
+				Auth: auth.AuthRules{
+					{
+						Username: auth.RString(os.Getenv("MQTT_USERNAME")),
+						Password: auth.RString(os.Getenv("MQTT_PASSWORD")),
+						Allow:    true,
+					},
+				},
+			},
+		})
+	}
 
 	if os.Getenv("MQTT_LISTEN") == "" {
 		log.Log.Fatal("please set MQTT_LISTEN")