diff --git a/deploy/services/helm-charts/dss/values.yaml b/deploy/services/helm-charts/dss/values.yaml
index 3db3cf814..a6ddac73c 100644
--- a/deploy/services/helm-charts/dss/values.yaml
+++ b/deploy/services/helm-charts/dss/values.yaml
@@ -52,3 +52,12 @@ yugabyte:
     clientToServer: true
     insecure: false
     provided: true
+
+  gflags:
+    master:
+      use_client_to_server_encryption: true
+    tserver:
+      use_client_to_server_encryption: true
+      ysql_hba_conf_csv: 'hostssl all all 0.0.0.0/0 cert'
+
+
diff --git a/deploy/services/tanka/yugabyte-auxiliary.libsonnet b/deploy/services/tanka/yugabyte-auxiliary.libsonnet
index d4e9b2837..74f95b60e 100644
--- a/deploy/services/tanka/yugabyte-auxiliary.libsonnet
+++ b/deploy/services/tanka/yugabyte-auxiliary.libsonnet
@@ -98,6 +98,7 @@ local yugabyteLB(metadata, name, ip) =
             --placement_region=%s
             --placement_zone=%s
             --use_private_ip=zone
+            --ysql_hba_conf_csv='hostssl all all 0.0.0.0/0 cert'
           ||| % [
             std.join(",", metadata.yugabyte.masterAddresses),
             metadata.yugabyte.tserver.rpc_bind_addresses,