diff --git a/server/conf.go b/server/conf.go
index 20bd6488..69a682ac 100644
--- a/server/conf.go
+++ b/server/conf.go
@@ -95,6 +95,11 @@ func ProcessConfigFile(configFile string, opts *Options) error {
 				return err
 			}
 			opts.NATSServerURL = v.(string)
+		case "credentials":
+			if err := checkType(k, reflect.String, v); err != nil {
+				return err
+			}
+			opts.NATSCredentials = v.(string)
 		case "secure":
 			if err := checkType(k, reflect.Bool, v); err != nil {
 				return err
diff --git a/server/conf_test.go b/server/conf_test.go
index 00628a4d..b5b2f06e 100644
--- a/server/conf_test.go
+++ b/server/conf_test.go
@@ -75,6 +75,9 @@ func TestParseConfig(t *testing.T) {
 	if opts.ClientCA != "/path/to/client/ca_file" {
 		t.Fatalf("Expected ClientCA to be %q, got %q", "/path/to/client/ca_file", opts.ClientCA)
 	}
+	if opts.NATSCredentials != "credentials.creds" {
+		t.Fatalf("Expected Credentials to be %q, got %q", "credentials.creds", opts.NATSCredentials)
+	}
 	if !opts.FileStoreOpts.CompactEnabled {
 		t.Fatalf("Expected CompactEnabled to be true, got false")
 	}
@@ -477,6 +480,7 @@ func TestParseWrongTypes(t *testing.T) {
 	expectFailureFor(t, "encrypt: 123", wrongTypeErr)
 	expectFailureFor(t, "encryption_cipher: 123", wrongTypeErr)
 	expectFailureFor(t, "encryption_key: 123", wrongTypeErr)
+	expectFailureFor(t, "credentials: 123", wrongTypeErr)
 }
 
 func expectFailureFor(t *testing.T, content, errorMatch string) {
diff --git a/server/server.go b/server/server.go
index 6c6c9505..264cf2db 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1279,6 +1279,7 @@ type Options struct {
 	IOBatchSize        int           // Maximum number of messages collected from clients before starting their processing.
 	IOSleepTime        int64         // Duration (in micro-seconds) the server waits for more message to fill up a batch.
 	NATSServerURL      string        // URL for external NATS Server to connect to. If empty, NATS Server is embedded.
+	NATSCredentials    string        // Credentials file for connecting to external NATS Server.
 	ClientHBInterval   time.Duration // Interval at which server sends heartbeat to a client.
 	ClientHBTimeout    time.Duration // How long server waits for a heartbeat response.
 	ClientHBFailCount  int           // Number of failed heartbeats before server closes client connection.
@@ -1315,7 +1316,6 @@ var defaultOptions = Options{
 	FileStoreOpts:     stores.DefaultFileStoreOptions,
 	IOBatchSize:       DefaultIOBatchSize,
 	IOSleepTime:       DefaultIOSleepTime,
-	NATSServerURL:     "",
 	ClientHBInterval:  DefaultHeartBeatInterval,
 	ClientHBTimeout:   DefaultClientHBTimeout,
 	ClientHBFailCount: DefaultMaxFailedHeartBeats,
@@ -1428,6 +1428,10 @@ func (s *StanServer) createNatsClientConn(name string) (*nats.Conn, error) {
 	var err error
 	ncOpts := nats.DefaultOptions
 
+	if s.opts.NATSCredentials != "" {
+		nats.UserCredentials(s.opts.NATSCredentials)(&ncOpts)
+	}
+
 	for _, o := range s.opts.NATSClientOpts {
 		o(&ncOpts)
 	}
diff --git a/test/configs/test_parse.conf b/test/configs/test_parse.conf
index 086651f4..37f557e4 100644
--- a/test/configs/test_parse.conf
+++ b/test/configs/test_parse.conf
@@ -16,6 +16,7 @@ streaming: {
   encrypt: true
   encryption_cipher: "AES"
   encryption_key: "key"
+  credentials: "credentials.creds"
 
   store_limits: {
       max_channels: 11