diff --git a/apps/base/hedgedoc/database.yaml b/apps/base/hedgedoc/database.yaml
index c424fdec0fcbb0b196fc86548024bfb5bc84e5b6..48d34c478f88492cec7b76447891caeb5e6079a6 100644
--- a/apps/base/hedgedoc/database.yaml
+++ b/apps/base/hedgedoc/database.yaml
@@ -16,3 +16,25 @@ spec:
     hedgedoc: hedgedoc
   postgresql:
     version: "14"
+  spiloFSGroup: 103
+  tls:
+    secretName: "hedgedoc-postgres-tls"
+    caSecretName: "namespace-ca"
+    caFile: "ca.crt"
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: hedgedoc-postgres
+  namespace: hedgedoc
+spec:
+  secretName: hedgedoc-postgres-tls
+  dnsNames:
+    - hedgedoc-postgres.hedgedoc.svc.cluster.local
+    - hedgedoc-postgres.hedgedoc.svc
+  issuerRef:
+    name: namespace-ca-issuer
+    kind: Issuer
+    group: cert-manager.io
+  usages:
+    - server auth