SingleStore logo

  • Pricing

LoginL
Start free
SingleStore logo

Blog

/

Engineering

Goodbye Passwords, Hello Security: Introducing singlestore-auth-iam for Server Authentication

3 min read

Nov 25, 2025

David Sharnoff
David Sharnoff, Principal Software Engineer
Goodbye Passwords, Hello Security: Introducing singlestore-auth-iam for Server Authentication

Passwords have long been the weakest link in modern infrastructure. They’re hard to manage, easy to leak, and difficult to rotate securely at scale.At SingleStore, we believe security should be strong and simple. That’s why we’re continuing our journey toward a passwordless future starting with people, and now extending to servers.

From Humans to Servers: Expanding Passwordless Authentication

In 2022, we released singlestore-auth-helper, a library that allows human users to connect to SingleStore databases without storing or sharing passwords. It simplified developer access, improved auditability, and eliminated a major source of credential sprawl.

Now, we’re extending that same convenience and security to services and applications with the new singlestore-auth-iam library.

 

What Is singlestore-auth-iam?

s‍inglestore-auth-iam provides a simple, standards-based way for servers to authenticate into SingleStore databases and the SingleStore Management API, all without passwords.

It integrates seamlessly with your cloud provider’s Identity and Access Management (IAM) system (AWS IAM, Azure AD, or GCP IAM), allowing you to use short-lived, automatically rotated credentials instead of static database passwords.

In short:

  • No stored passwords or shared secrets

  • Automatic credential rotation and revocation

  • Works across cloud environments and automation pipelines

Note: singlestore-auth-iam focuses on authentication, verifying who you are, not authorization, which controls what you can do. Authorization continues to be managed through SingleStore’s role-based permissions.

 

How It Works

Instead of sending a password during connection, singlestore-auth-iam uses your cloud provider’s identity service to obtain a temporary, verifiable token.

When a server connects to SingleStore:

  1. It requests a signed identity token from IAM.

  2. The token is exchanged for a JWT signed by SingleStore.

  3. The JWT is used to authenticate you to your database or to the management API — securely, and without ever handling a password.

Because this mechanism is purely for authentication, no prior setup is needed beyond ensuring that the IAM role already corresponds to a valid database account (or cloud provider account in the portal). The JWT will only work if that IAM role is recognized by SingleStore as having access.

 

Getting Started

For Database Access

To enable passwordless authentication for databases:

  1. Create accounts in your SingleStore engine with account names matching your IAM/cloud principal role.

  2. Mark those accounts with the AUTHENTICATED_WITH_JWT option.

  3. Reference the SingleStore documentation on JWT authentication for step-by-step configuration details.

Once configured, your application or service can use singlestore-auth-iam to connect securely without storing any credentials.

For Management API Access (coming soon)

When available, you’ll be able to use the SingleStore Portal to create Cloud Provider accounts linked to IAM roles.

From there, assign roles and permissions directly through the portal UI, keeping authentication passwordless while maintaining fine-grained authorization via SingleStore’s management interface.

 

Why It Matters

By removing passwords, organizations can dramatically reduce:

  • The risk of credential leakage in code, CI/CD pipelines, or configuration files.

  • The operational burden of rotating secrets or managing shared credentials.

  • The complexity of compliance audits and access reviews.

It’s a win for both security and operations, aligned with the Zero Trust principle of “authenticate everything, trust nothing.”

 

A Unified Approach to Passwordless Security

Together, singlestore-auth-helper and singlestore-auth-iam offer a unified path to eliminating passwords across all access patterns:

  • Developers and analysts: authenticate interactively without passwords.

  • Applications and automation: authenticate programmatically using IAM.

This consistency helps organizations standardize on secure, auditable authentication across their entire SingleStore footprint.

 

The Road Ahead

As data systems evolve, we’re committed to removing friction and risk from how developers and infrastructure connect to SingleStore.

Passwordless authentication is just one step in that journey. Expect more features soon that make securing and scaling your data infrastructure simpler, faster, and safer.

Call to Action: Start experimenting with passwordless server authentication today and say goodbye to passwords for good.

👉 Get started with singlestore-auth-iam

 

On this page

Start building now

Get started with SingleStore Helios today and receive $600 in credits.

Start free
EngineeringProduct

Share

Related reading

Django + SingleStore Integration Guide

Blog

Django + SingleStore Integration Guide

Engineering
Pavlo MischenkoParth Sharma
SingleStore BYOC on AWS: Unlocking Greater Control for Your Data Infrastructure

Blog

SingleStore BYOC on AWS: Unlocking Greater Control for Your Data Infrastructure

Product
Mohan ManthenaRaul GonzalesTanuj Mittal
Beginner's Guide to Approximate Nearest Neighbor (ANN) Search

Blog

Beginner's Guide to Approximate Nearest Neighbor (ANN) Search

Product
Yukthi Dwivedi
Lessons Learned From Using Azure Versioning and Soft-Delete

Blog

Lessons Learned From Using Azure Versioning and Soft-Delete

Engineering
Michael GiannakopolousTom LucasRodrigo Gomes
Finding the Best Cloud Database: Top Solutions for Your Business Needs

Blog

Finding the Best Cloud Database: Top Solutions for Your Business Needs

Product
Yaroslav Demenskyi
Database vs. Data Warehouse vs. Data Lake: Choosing the Right Solution

Blog

Database vs. Data Warehouse vs. Data Lake: Choosing the Right Solution

Product
Matt Tanner