diff --git a/charts/reports-server/Chart.lock b/charts/reports-server/Chart.lock index 36f6164..0bbfe4a 100644 --- a/charts/reports-server/Chart.lock +++ b/charts/reports-server/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts version: 13.4.1 -digest: sha256:ac38b83c061b6851340ec78ea88bc2ac4a24d705235ebeeab2edc69ceb18f598 -generated: "2024-01-23T21:13:53.879046+01:00" +digest: sha256:7cbc27b5bb538d7d09c4c5a5ea31bcc0628aa27fe4a5bdfb71dfca288b80bc89 +generated: "2024-01-26T10:24:28.144328+05:30" diff --git a/charts/reports-server/README.md b/charts/reports-server/README.md index a6b1528..a19560d 100644 --- a/charts/reports-server/README.md +++ b/charts/reports-server/README.md @@ -59,6 +59,10 @@ helm install reports-server --namespace reports-server --create-namespace report | config.db.name | string | `"reportsdb"` | Database name | | config.db.user | string | `"postgres"` | Database user | | config.db.password | string | `"reports"` | Database password | +| config.db.sslmode | string | `"disable"` | Database SSL | +| config.db.sslrootcert | string | `""` | Database SSL root cert | +| config.db.sslkey | string | `""` | Database SSL key | +| config.db.sslcert | string | `""` | Database SSL cert | ## Source Code diff --git a/charts/reports-server/templates/deployment.yaml b/charts/reports-server/templates/deployment.yaml index 46f8979..7d15ceb 100644 --- a/charts/reports-server/templates/deployment.yaml +++ b/charts/reports-server/templates/deployment.yaml @@ -43,6 +43,10 @@ spec: - --dbname={{ .Values.config.db.name }} - --dbuser={{ .Values.config.db.user }} - --dbpassword={{ .Values.config.db.password }} + - --dbsslmode={{ .Values.config.db.sslmode }} + - --dbsslrootcert={{ .Values.config.db.sslrootcert }} + - --dbsslkey={{ .Values.config.db.sslkey }} + - --dbsslcert={{ .Values.config.db.sslcert }} {{- end }} - --cert-dir=/tmp - --secure-port=4443 
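Review bot: The four added `--dbssl*` args in charts/reports-server/templates/deployment.yaml are rendered unconditionally and unquoted, so with the chart defaults the container is started with `--dbsslrootcert=`, `--dbsslkey=` and `--dbsslcert=` carrying empty values. Each optional path could be guarded, for example `{{- with .Values.config.db.sslrootcert }}` / `- --dbsslrootcert={{ . | quote }}` / `{{- end }}`. These values are file paths inside the container, and this hunk adds no volume or Secret mount for them. If the rest of the template has no hook for extra volumes, the certificate-verifying modes cannot be enabled from the chart alone. The args list starts and ends outside the hunk, so this needs checking against the full template.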
diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml index a3964a1..783d1d5 100644 --- a/charts/reports-server/values.yaml +++ b/charts/reports-server/values.yaml @@ -149,3 +149,15 @@ config: # -- Database password password: reports + + # -- Database SSL + sslmode: disable + + # -- Database SSL root cert + sslrootcert: "" + + # -- Database SSL key + sslkey: "" + + # -- Database SSL cert + sslcert: "" diff --git a/pkg/app/opts/options.go b/pkg/app/opts/options.go index 9e207f2..4841b43 100644 --- a/pkg/app/opts/options.go +++ b/pkg/app/opts/options.go @@ -33,11 +33,17 @@ type Options struct { ShowVersion bool Debug bool Kubeconfig string - DBHost string - DBPort int - DBUser string - DBPassword string - DBName string + + // dbopts + DBHost string + DBPort int + DBUser string + DBPassword string + DBName string + DBSSLMode string + DBSSLRootCert string + DBSSLKey string + DBSSLCert string // Only to be used to for testing DisableAuthForTesting bool @@ -67,6 +73,10 @@ func (o *Options) Flags() (fs flag.NamedFlagSets) { msfs.StringVar(&o.DBUser, "dbuser", "postgres", "Username to login into postgres") msfs.StringVar(&o.DBPassword, "dbpassword", "password", "Password to login into postgres") msfs.StringVar(&o.DBName, "dbname", "reportsdb", "Name of the database to store policy reports in") + msfs.StringVar(&o.DBSSLMode, "dbsslmode", "disable", "SSL mode of the postgres database.") + msfs.StringVar(&o.DBSSLRootCert, "dbsslrootcert", "", "Path to database root cert.") + msfs.StringVar(&o.DBSSLKey, "dbsslkey", "", "Path to database ssl key.") + msfs.StringVar(&o.DBSSLCert, "dbsslcert", "", "Path to database ssl cert.") o.SecureServing.AddFlags(fs.FlagSet("apiserver secure serving")) o.Authentication.AddFlags(fs.FlagSet("apiserver authentication")) 
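Review bot: The new `sslmode` comment in charts/reports-server/values.yaml says only "Database SSL", which tells an operator neither which values are accepted nor that the default `disable` leaves the database connection, including the password exchange, unencrypted. The same gap is in the `dbsslmode` help text added in the Flags() hunk of pkg/app/opts/options.go. I would write `# -- PostgreSQL sslmode; "disable" means no TLS, "verify-full" with sslrootcert authenticates the server` and document the three path values as `# -- Path inside the container to the CA bundle / client key / client certificate`. Keeping `disable` as the default preserves the previous hard-coded behaviour, but that choice should be stated in the comment and mirrored in the README table.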
@@ -101,11 +111,15 @@ func (o Options) ServerConfig() (*server.Config, error) { } dbconfig := &db.PostgresConfig{ - Host: o.DBHost, - Port: o.DBPort, - User: o.DBUser, - Password: o.DBPassword, - DBname: o.DBName, + Host: o.DBHost, + Port: o.DBPort, + User: o.DBUser, + Password: o.DBPassword, + DBname: o.DBName, + SSLMode: o.DBSSLMode, + SSLRootCert: o.DBSSLRootCert, + SSLKey: o.DBSSLKey, + SSLCert: o.DBSSLCert, } return &server.Config{ diff --git a/pkg/storage/db/new.go b/pkg/storage/db/new.go index 5987241..2f4f390 100644 --- a/pkg/storage/db/new.go +++ b/pkg/storage/db/new.go @@ -70,15 +70,19 @@ func (p *postgresstore) Ready() bool { } type PostgresConfig struct { - Host string - Port int - User string - Password string - DBname string + Host string + Port int + User string + Password string + DBname string + SSLMode string + SSLRootCert string + SSLKey string + SSLCert string } func (p PostgresConfig) String() string { return fmt.Sprintf("host=%s port=%d user=%s "+ - "password=%s dbname=%s sslmode=disable", - p.Host, p.Port, p.User, p.Password, p.DBname) + "password=%s dbname=%s sslmode=%s sslrootcert=%s sslkey=%s sslcert=%s", + p.Host, p.Port, p.User, p.Password, p.DBname, p.SSLMode, p.SSLRootCert, p.SSLKey, p.SSLCert) }
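Review bot: `PostgresConfig.String()` in pkg/storage/db/new.go now always emits `sslrootcert=%s sslkey=%s sslcert=%s`, which with the default empty values becomes `sslrootcert= sslkey= sslcert=`; a keyword/value parser that skips whitespace after `=` would read the following `sslkey=` token as the root-cert value, so confirm this against the driver, which is not visible in the diff. Every value, including the password, is also interpolated unquoted, so a space, quote or backslash in any of them changes how the string is parsed. The rewrite below single-quotes and escapes each value and omits the optional path keys when they are empty; it needs `strings` in the file's imports. Since this method is also the type's `fmt.Stringer`, formatting the config with `%v` or `%s` prints the password, so keep the value out of log statements.

```go
func (p PostgresConfig) String() string {
	// Keyword/value syntax: single-quote every value and escape \ and '.
	esc := strings.NewReplacer(`\`, `\\`, `'`, `\'`)
	quote := func(v string) string { return "'" + esc.Replace(v) + "'" }

	dsn := fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s sslmode=%s",
		quote(p.Host), p.Port, quote(p.User), quote(p.Password), quote(p.DBname), quote(p.SSLMode))

	// Optional TLS file paths: emit the key only when a path was configured.
	for _, kv := range [][2]string{
		{"sslrootcert", p.SSLRootCert},
		{"sslkey", p.SSLKey},
		{"sslcert", p.SSLCert},
	} {
		if kv[1] != "" {
			dsn += " " + kv[0] + "=" + quote(kv[1])
		}
	}
	return dsn
}
```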