diff --git a/roles/installer/defaults/main.yml b/roles/installer/defaults/main.yml
index fa273b33..c29bba91 100644
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -430,6 +430,9 @@ postgres_init_container_commands: |
 chown 26:0 /var/lib/pgsql/data
 chmod 700 /var/lib/pgsql/data

+# Enable PostgreSQL SCRAM-SHA-256 migration
+postgres_scram_migration_enabled: true
+
 # Configure postgres connection keepalive
 postgres_keepalives: true
 postgres_keepalives_idle: 5
diff --git a/roles/installer/tasks/database.yml b/roles/installer/tasks/database.yml
index f3a60af2..01a0a86d 100644
--- a/roles/installer/tasks/database.yml
+++ b/roles/installer/tasks/database.yml
@@ -70,6 +70,22 @@
 - debug:
 msg: "--- Upgrading from {{ old_postgres_pod['metadata']['name'] | default('NONE')}} Pod ---"

+ - name: Migrate from md5 to scram-sha-256
+ k8s_exec:
+ namespace: "{{ ansible_operator_meta.namespace }}"
+ pod: "{{ old_postgres_pod['metadata']['name'] }}"
+ command: |
+ bash -c "
+ psql -U postgres -c \"ALTER SYSTEM SET password_encryption = 'scram-sha-256';\" &&
+ psql -U postgres -c \"SELECT pg_reload_conf();\" &&
+ psql -U postgres -c \"ALTER USER \\\"{{ awx_postgres_user }}\\\" WITH PASSWORD '{{ awx_postgres_pass }}';\"
+ "
+ register: _migration_output
+ no_log: "{{ no_log }}"
+ when:
+ - postgres_scram_migration_enabled
+ - (_old_pg_version.stdout | default(0) | int ) == 13
+
 - name: Upgrade data dir from old Postgres to {{ supported_pg_version }} if applicable
 include_tasks: upgrade_postgres.yml
 when:
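Review bot: The comment above `postgres_scram_migration_enabled` in roles/installer/defaults/main.yml does not say what this default-on switch does to a running database. Going by the task added in roles/installer/tasks/database.yml, it runs `ALTER SYSTEM` and re-sets the AWX database user's password on the old PostgreSQL 13 pod before the data directory is upgraded. I would expand the comment to something like `# When true, an upgrade from PostgreSQL 13 first sets password_encryption to scram-sha-256 on the old pod and re-sets the AWX database user's password so it is stored as a SCRAM hash`.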
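Review bot: In the new `Migrate from md5 to scram-sha-256` task (roles/installer/tasks/database.yml), `awx_postgres_pass` is templated unescaped into a double-quoted `bash -c` script and then into a single-quoted SQL literal. A password containing `'`, `"`, `$`, a backtick or `\` would break the statement or be interpreted by the shell or by psql inside the database pod, and a failed or altered `ALTER USER` can leave AWX with a password that no longer matches. Escape for both layers: double the single quotes for SQL, e.g. `WITH PASSWORD '{{ awx_postgres_pass | replace("'", "''") }}'`, and hand the statement to psql without the `bash -c` wrapper or through the `quote` filter so no shell expands it. `no_log`, when set, only hides the value from Ansible output; the cleartext password is still part of the exec'd command and may reach the PostgreSQL log if statement logging is enabled, which deserves a comment on the task. The block this task sits in starts outside the hunk, so whether `old_postgres_pod` is always defined here cannot be confirmed from this view.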