diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index d9e2571..36fb8f6 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -157,9 +157,10 @@ server:
 storage:
 postgres:
- host: default.postgresql
+ host: postgresql.pyrocufflink.blue
 database: authelia
- username: authelia.authelia
+ username: authelia
+ password: unused
 tls:
 skip_verify: false
diff --git a/authelia/kustomization.yaml b/authelia/kustomization.yaml
index 88fd896..0b2c0e2 100644
--- a/authelia/kustomization.yaml
+++ b/authelia/kustomization.yaml
@@ -13,6 +13,7 @@ resources:
 - redis.yaml
 - authelia.yaml
 - oidc-cluster-admin.yaml
+- postgres-cert.yaml
 replicas:
 - name: authelia
@@ -23,10 +24,6 @@ configMapGenerator:
 namespace: authelia
 files:
 - configuration.yml
-- name: postgresql-ca
- namespace: authelia
- files:
- - postgresql-ca.crt
 patches:
 - patch: |-
@@ -41,24 +38,20 @@ patches:
 containers:
 - name: authelia
 env:
- - name: AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE
- value: /run/authelia/secrets/postgresql/password
+ - name: AUTHELIA_STORAGE_POSTGRES_TLS_CERTIFICATE_CHAIN_FILE
+ value: /run/authelia/certs/postgresql/tls.crt
+ - name: AUTHELIA_STORAGE_POSTGRES_TLS_PRIVATE_KEY_FILE
+ value: /run/authelia/certs/postgresql/tls.key
 volumeMounts:
- - mountPath: /run/authelia/certs/postgresql-ca.crt
- name: postgresql-ca
- subPath: postgresql-ca.crt
 - mountPath: /run/authelia/certs/dch-root-ca.crt
 name: dch-root-ca
 subPath: dch-root-ca.crt
- - mountPath: /run/authelia/secrets/postgresql
- name: postgresql-auth
+ - mountPath: /run/authelia/certs/postgresql
+ name: postgresql-cert
 volumes:
- - name: postgresql-auth
+ - name: postgresql-cert
 secret:
- secretName: authelia.authelia.default.credentials.postgresql.acid.zalan.do
- - name: postgresql-ca
- configMap:
- name: postgresql-ca
+ secretName: postgres-client-cert
 - name: dch-root-ca
 configMap:
 name: dch-root-ca
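Review bot: The new `password: unused` line in the configuration.yml hunk is an unexplained placeholder, and because this file is shipped through a configMapGenerator the next reader will reasonably ask whether a credential was committed; add a comment above it such as `# not a credential: authentication is by mTLS client certificate (AUTHELIA_STORAGE_POSTGRES_TLS_* env in kustomization.yaml); presumably kept only because the schema requires the key — confirm`. The same hunk swaps the in-cluster `default.postgresql` host for an external FQDN while `skip_verify: false` stays, so server verification now depends on that name matching the server certificate and on a CA that this diff does not show. The `storage.postgres` block appears to continue past the end of the hunk.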
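Review bot: In the third kustomization.yaml hunk the new `/run/authelia/certs/postgresql` mount carries a private key but is not marked read-only; add `readOnly: true` under that volumeMount, and consider a `defaultMode` on the `postgresql-cert` secret volume so `tls.key` is not created world-readable inside the container (check it against the user Authelia runs as). Removing the `postgresql-ca` mount also removes the only PostgreSQL CA visible to this deployment while configuration.yml keeps `skip_verify: false`, so server verification now relies either on the server certificate chaining to `dch-root-ca.crt` or on Authelia picking up the `ca.crt` that cert-manager writes into the mounted secret; the diff does not show which holds, so confirm one does before the old ConfigMap is gone. If Authelia reads these files only at startup (not verifiable here), a cert-manager renewal will need a pod restart to take effect. The patch body continues outside the hunk.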
diff --git a/authelia/postgres-cert.yaml b/authelia/postgres-cert.yaml
new file mode 100644
index 0000000..3ccf771
--- /dev/null
+++ b/authelia/postgres-cert.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: postgres-client-cert
+spec:
+  commonName: authelia
+  privateKey:
+    algorithm: ECDSA
+  secretName: postgres-client-cert
+  issuerRef:
+    name: postgresql-ca
+    kind: ClusterIssuer
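Review bot: `metadata` carries no `namespace`, yet the secret this Certificate produces is mounted by the authelia Deployment whose other generated objects are pinned with `namespace: authelia` in kustomization.yaml; unless a kustomization-wide `namespace:` exists outside the shown hunks, `postgres-client-cert` will be issued into the default namespace and the pod's volume will never resolve, so add `namespace: authelia` under `metadata`. `commonName: authelia` presumably has to match the `username: authelia` in configuration.yml, since PostgreSQL certificate authentication maps the CN to the role; a comment saying so would keep the two from drifting. The spec also leaves key usages and rotation at defaults; for a client certificate I would state the intent with `usages: [digital signature, client auth]` and add `rotationPolicy: Always` under `privateKey` so renewals do not reuse the key. Without `duration`/`renewBefore` the default lifetime applies, which is fine as long as whatever consumes the renewed files reloads them.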