diff --git a/CHANGELOG.md b/CHANGELOG.md
index f43a14fc2..1281427c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- Added `AuthenticationClass` provider static ([#514]).
+
+[#514]: https://github.com/stackabletech/operator-rs/pull/514
+
 ## [0.27.1] - 2022-11-17
 
 ### Changed
diff --git a/src/commons/authentication.rs b/src/commons/authentication.rs
index e1e436ef2..0b1da3fc2 100644
--- a/src/commons/authentication.rs
+++ b/src/commons/authentication.rs
@@ -32,6 +32,23 @@ pub struct AuthenticationClassSpec {
 pub enum AuthenticationClassProvider {
     Ldap(LdapAuthenticationProvider),
     Tls(TlsAuthenticationProvider),
+    Static(StaticAuthenticationProvider),
+}
+
+#[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct StaticAuthenticationProvider {
+    /// Secret providing the usernames and password.
+    /// The secret must contain an entry for every user, with the key being the username and the value the password in plain text.
+    /// It must be located in the same namespace as the product using it.
+    user_credentials_secret: UserCredentialsSecretRef,
+}
+
+#[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct UserCredentialsSecretRef {
+    /// Name of the secret
+    name: String,
 }
 
 #[cfg(test)]