diff --git a/build.gradle.kts b/build.gradle.kts
index d7e81a5..2bb7774 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -10,7 +10,7 @@ plugins {
     id("org.springframework.boot") version "2.7.0"
     id("io.spring.dependency-management") version "1.0.11.RELEASE"
     kotlin("jvm") version "1.6.21"
-    kotlin("plugin.spring") version "1.6.21" apply false
+    kotlin("plugin.spring") version "1.6.21" apply false    // TODO: apply false what?
     kotlin("plugin.jpa") version "1.6.21" apply false
 }
 
@@ -52,6 +52,7 @@ subprojects {
         implementation("org.springframework.boot:spring-boot-starter-data-jpa")
         implementation("org.springframework.boot:spring-boot-starter-web")
         implementation("org.springframework.boot:spring-boot-starter-validation")
+        implementation("org.springframework.boot:spring-boot-starter-security")
         implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
         developmentOnly("org.springframework.boot:spring-boot-devtools")
 
@@ -62,6 +63,7 @@ subprojects {
         // DB
         runtimeOnly("mysql:mysql-connector-java") // MySQL
         runtimeOnly("com.h2database:h2") // H2
+        implementation("org.flywaydb:flyway-core:7.15.0") // flyway
 
         // Logging
         // log4j2
@@ -69,10 +71,9 @@ subprojects {
         // testImplementation("org.springframework.boot:spring-boot-starter-log4j2")
         implementation("io.github.microutils:kotlin-logging:2.1.21")
 
-        implementation("org.flywaydb:flyway-core:7.15.0") // flyway
-
         // Test
         testImplementation("org.springframework.boot:spring-boot-starter-test")
+        testImplementation("org.springframework.security:spring-security-test")
     }
 
     tasks.withType<KotlinCompile> {
diff --git a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/config/SecurityConfig.kt b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/config/SecurityConfig.kt
new file mode 100644
index 0000000..eaed309
--- /dev/null
+++ b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/config/SecurityConfig.kt
@@ -0,0 +1,27 @@
+package io.beaniejoy.dongnecafe.common.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.crypto.factory.PasswordEncoderFactories
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.web.SecurityFilterChain
+
+@Configuration
+@EnableWebSecurity
+class SecurityConfig {
+    @Bean
+    fun passwordEncoder(): PasswordEncoder {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder()
+    }
+
+    @Bean
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        return http
+            .cors().disable()
+            .csrf().disable()
+            .formLogin().disable()
+            .build()
+    }
+}
\ No newline at end of file
diff --git a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/controller/AuthController.kt b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/controller/AuthController.kt
new file mode 100644
index 0000000..009c484
--- /dev/null
+++ b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/controller/AuthController.kt
@@ -0,0 +1,24 @@
+package io.beaniejoy.dongnecafe.controller
+
+import io.beaniejoy.dongnecafe.domain.member.model.request.SignInRequest
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/auth")
+class AuthController(
+    private val authenticationManagerBuilder: AuthenticationManagerBuilder
+) {
+
+    @PostMapping("/authenticate")
+    fun signIn(@RequestBody signInRequest: SignInRequest) {
+        val authenticationToken =
+            UsernamePasswordAuthenticationToken(signInRequest.email, signInRequest.password)
+
+        val authenticate = authenticationManagerBuilder.`object`.authenticate(authenticationToken)
+    }
+}
\ No newline at end of file
diff --git a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/controller/MemberController.kt b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/controller/MemberController.kt
index c677ed1..c367131 100644
--- a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/controller/MemberController.kt
+++ b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/controller/MemberController.kt
@@ -8,11 +8,11 @@ import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 
 @RestController
-@RequestMapping("/api/members")
+@RequestMapping("/auth/members")
 class MemberController(
     private val memberService: MemberService
 ) {
-    @PostMapping("/signup")
+    @PostMapping("/sign-up")
     fun signUp(@RequestBody resource: MemberRegisterRequest): Long {
         return memberService.registerMember(resource)
     }
diff --git a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/service/MemberService.kt b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/service/MemberService.kt
index 1a98d60..f4e11d7 100644
--- a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/service/MemberService.kt
+++ b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/service/MemberService.kt
@@ -4,13 +4,15 @@ import io.beaniejoy.dongnecafe.domain.member.entity.Member
 import io.beaniejoy.dongnecafe.domain.member.model.request.MemberRegisterRequest
 import io.beaniejoy.dongnecafe.domain.member.repository.MemberRepository
 import io.beaniejoy.dongnecafe.error.MemberExistedException
+import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
 
 @Service
 @Transactional
 class MemberService(
-    private val memberRepository: MemberRepository
+    private val memberRepository: MemberRepository,
+    private val passwordEncoder: PasswordEncoder
 ) {
     fun registerMember(resource: MemberRegisterRequest): Long {
         memberRepository.findByEmail(resource.email!!)?.also {
@@ -20,7 +22,7 @@ class MemberService(
         val registeredMember = memberRepository.save(
             Member.createMember(
                 email = resource.email!!,
-                password = resource.password!!,
+                password = passwordEncoder.encode(resource.password!!),
                 address = resource.address!!,
                 phoneNumber = resource.phoneNumber!!
             )
diff --git a/dongne-common/src/main/kotlin/io/beaniejoy/dongnecafe/domain/member/model/request/SignInRequest.kt b/dongne-common/src/main/kotlin/io/beaniejoy/dongnecafe/domain/member/model/request/SignInRequest.kt
new file mode 100644
index 0000000..c81a07e
--- /dev/null
+++ b/dongne-common/src/main/kotlin/io/beaniejoy/dongnecafe/domain/member/model/request/SignInRequest.kt
@@ -0,0 +1,6 @@
+package io.beaniejoy.dongnecafe.domain.member.model.request
+
+data class SignInRequest(
+    val email: String,
+    val password: String
+)
\ No newline at end of file