diff --git a/README.md b/README.md
index 04935c07..0ab9d6de 100644
--- a/README.md
+++ b/README.md
@@ -228,9 +228,12 @@ stringData:
   database: <desired database name>
   username: <username to connect as>
   password: <password to connect with>
+  sslmode: prefer
 type: Opaque
 ```
 
+**Note**: The variable `sslmode` is valid for `external` databases only. The allowed values are: `prefer`, `disable`, `allow`, `require`, `verify-ca`, `verify-full`.
+
 #### Migrating data from an old AWX instance
 
 For instructions on how to migrate from an older version of AWX, see [migration.md](./docs/migration.md).
diff --git a/roles/installer/tasks/database_configuration.yml b/roles/installer/tasks/database_configuration.yml
index 350e745b..ec476f7c 100644
--- a/roles/installer/tasks/database_configuration.yml
+++ b/roles/installer/tasks/database_configuration.yml
@@ -108,6 +108,7 @@
     awx_postgres_database: "{{ pg_config['resources'][0]['data']['database'] | b64decode }}"
     awx_postgres_port: "{{ pg_config['resources'][0]['data']['port'] | b64decode }}"
     awx_postgres_host: "{{ pg_config['resources'][0]['data']['host'] | b64decode }}"
+    awx_postgres_sslmode: "{{ pg_config['resources'][0]['data']['sslmode'] |  default('prefer'|b64encode) | b64decode }}"
 
 - name: Look up details for this deployment
   k8s_info:
diff --git a/roles/installer/templates/credentials.py.j2 b/roles/installer/templates/credentials.py.j2
index f71e1085..3f8f1380 100644
--- a/roles/installer/templates/credentials.py.j2
+++ b/roles/installer/templates/credentials.py.j2
@@ -7,7 +7,7 @@ DATABASES = {
         'PASSWORD': "{{ awx_postgres_pass }}",
         'HOST': '{{ awx_postgres_host }}',
         'PORT': "{{ awx_postgres_port }}",
-        'OPTIONS': { 'sslmode': '{{ pg_sslmode|default("prefer") }}',
+        'OPTIONS': { 'sslmode': '{{ awx_postgres_sslmode }}',
                      'sslrootcert': '{{ ca_trust_bundle }}',
         },
     }