diff --git a/credentials/env_provider.go b/credentials/env_provider.go
index 89df42f..c095772 100644
--- a/credentials/env_provider.go
+++ b/credentials/env_provider.go
@@ -23,7 +23,7 @@ func newEnvProvider() Provider {
 	return &envProvider{}
 }
 
-func (p *envProvider) resolve() (*Config, error) {
+func (p *envProvider) resolve() (config *Config, err error) {
 	accessKeyId, ok1 := os.LookupEnv(EnvVarAccessKeyIdNew)
 	if !ok1 || accessKeyId == "" {
 		accessKeyId, ok1 = os.LookupEnv(EnvVarAccessKeyId)
@@ -38,10 +38,24 @@ func (p *envProvider) resolve() (*Config, error) {
 	if accessKeySecret == "" {
 		return nil, errors.New(EnvVarAccessKeySecret + " cannot be empty")
 	}
-	config := &Config{
+
+	securityToken := os.Getenv("ALIBABA_CLOUD_SECURITY_TOKEN")
+
+	if securityToken != "" {
+		config = &Config{
+			Type:            tea.String("sts"),
+			AccessKeyId:     tea.String(accessKeyId),
+			AccessKeySecret: tea.String(accessKeySecret),
+			SecurityToken:   tea.String(securityToken),
+		}
+		return
+	}
+
+	config = &Config{
 		Type:            tea.String("access_key"),
 		AccessKeyId:     tea.String(accessKeyId),
 		AccessKeySecret: tea.String(accessKeySecret),
 	}
-	return config, nil
+
+	return
 }
diff --git a/credentials/env_provider_test.go b/credentials/env_provider_test.go
index f7cdb52..f80b03d 100644
--- a/credentials/env_provider_test.go
+++ b/credentials/env_provider_test.go
@@ -14,13 +14,16 @@ func TestEnvresolve(t *testing.T) {
 	originAccessKeyIdNew := os.Getenv(EnvVarAccessKeyIdNew)
 	originAccessKeyId := os.Getenv(EnvVarAccessKeyId)
 	originAccessKeySecret := os.Getenv(EnvVarAccessKeySecret)
+	originSecurityToken := os.Getenv("ALIBABA_CLOUD_SECURITY_TOKEN")
 	os.Setenv(EnvVarAccessKeyId, "")
 	os.Setenv(EnvVarAccessKeyIdNew, "")
 	os.Setenv(EnvVarAccessKeySecret, "")
+	os.Setenv("ALIBABA_CLOUD_SECURITY_TOKEN", "")
 	defer func() {
 		os.Setenv(EnvVarAccessKeyIdNew, originAccessKeyIdNew)
 		os.Setenv(EnvVarAccessKeyId, originAccessKeyId)
 		os.Setenv(EnvVarAccessKeySecret, originAccessKeySecret)
+		os.Setenv("ALIBABA_CLOUD_SECURITY_TOKEN", originSecurityToken)
 	}()
 	c, err := p.resolve()
 	assert.Nil(t, c)
@@ -52,4 +55,12 @@ func TestEnvresolve(t *testing.T) {
 	assert.Equal(t, "access_key", tea.StringValue(c.Type))
 	assert.Equal(t, "AccessKeyIdNew", tea.StringValue(c.AccessKeyId))
 	assert.Equal(t, "AccessKeySecret", tea.StringValue(c.AccessKeySecret))
+
+	os.Setenv("ALIBABA_CLOUD_SECURITY_TOKEN", "token")
+	c, err = p.resolve()
+	assert.Nil(t, err)
+	assert.Equal(t, "sts", tea.StringValue(c.Type))
+	assert.Equal(t, "AccessKeyIdNew", tea.StringValue(c.AccessKeyId))
+	assert.Equal(t, "AccessKeySecret", tea.StringValue(c.AccessKeySecret))
+	assert.Equal(t, "token", tea.StringValue(c.SecurityToken))
 }