diff --git a/flux2/cluster/base/single-sign-on.yaml b/flux2/cluster/base/single-sign-on.yaml
index 711a56d589c93ed9621ef9c63618dff3c8077436..2663c71dd27bb1b83865ef5fa003950db23fab2f 100644
--- a/flux2/cluster/base/single-sign-on.yaml
+++ b/flux2/cluster/base/single-sign-on.yaml
@@ -22,6 +22,10 @@ spec:
       - kind: Secret
         name: stackspin-cluster-variables
   healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: single-sign-on-database
+      namespace: stackspin
     - apiVersion: helm.toolkit.fluxcd.io/v2beta1
       kind: HelmRelease
       name: single-sign-on
diff --git a/flux2/core/base/single-sign-on/kustomization.yaml b/flux2/core/base/single-sign-on/kustomization.yaml
index 0103cabedd67afd76a28bf0a0d4621dd5425300b..64929c1103bb721a6c39c4e4b6315e4c6cc41e4a 100644
--- a/flux2/core/base/single-sign-on/kustomization.yaml
+++ b/flux2/core/base/single-sign-on/kustomization.yaml
@@ -4,5 +4,7 @@ kind: Kustomization
 namespace: stackspin
 resources:
   - pvc-database.yaml
-  - release.yaml
+  - single-sign-on-release.yaml
   - single-sign-on-values-configmap.yaml
+  - single-sign-on-database-release.yaml
+  - single-sign-on-database-values-configmap.yaml
diff --git a/flux2/core/base/single-sign-on/single-sign-on-database-release.yaml b/flux2/core/base/single-sign-on/single-sign-on-database-release.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..218bac4019c2a253ce4ae0ba44adf02be350de94
--- /dev/null
+++ b/flux2/core/base/single-sign-on/single-sign-on-database-release.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: single-sign-on-database
+spec:
+  releaseName: single-sign-on-database
+  chart:
+    spec:
+      # renovate: registryUrl=https://charts.bitnami.com/bitnami
+      chart: postgresql
+      version: 10.12.4
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 1h0m0s
+  install:
+    timeout: 10m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-single-sign-on-database-values
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-single-sign-on-database-override
+      optional: true
+    - kind: Secret
+      name: stackspin-single-sign-on-database-override
+      optional: true
diff --git a/flux2/core/base/single-sign-on/single-sign-on-database-values-configmap.yaml b/flux2/core/base/single-sign-on/single-sign-on-database-values-configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8e0ff3551998b3b4e104ab00edb0383ad3f5f5bc
--- /dev/null
+++ b/flux2/core/base/single-sign-on/single-sign-on-database-values-configmap.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-single-sign-on-database-values
+data:
+  values.yaml: |
+    persistence:
+      enabled: true
+      existingClaim: single-sign-on-database
+    initdbScripts:
+      setup.sql: |
+        CREATE USER hydra WITH PASSWORD '${hydra_postgresql_password}';
+        CREATE USER kratos WITH PASSWORD '${kratos_postgresql_password}';
+        CREATE USER stackspin WITH PASSWORD '${dashboard_postgresql_password}';
+        CREATE DATABASE kratos WITH OWNER kratos;
+        CREATE DATABASE hydra WITH OWNER hydra;
+        CREATE DATABASE stackspin WITH OWNER stackspin;
diff --git a/flux2/core/base/single-sign-on/release.yaml b/flux2/core/base/single-sign-on/single-sign-on-release.yaml
similarity index 93%
rename from flux2/core/base/single-sign-on/release.yaml
rename to flux2/core/base/single-sign-on/single-sign-on-release.yaml
index 19199dff5063cb66a5d86bfd35067c3ee9215156..ee1065928db46880c8a294b26b3bf1cab1809240 100644
--- a/flux2/core/base/single-sign-on/release.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-release.yaml
@@ -6,12 +6,12 @@ metadata:
 spec:
   releaseName: single-sign-on
   dependsOn:
-    - name: nginx
+    - name: single-sign-on-database
   chart:
     spec:
       # renovate: registryUrl=https://open.greenhost.net/api/v4/projects/8/packages/helm/stable
       chart: single-sign-on
-      version: 0.6.1
+      version: 0.7.0
       sourceRef:
         kind: HelmRepository
         name: single-sign-on
diff --git a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
index 2556b1ffc1c7ae6d36271a3c50cb541a09f79f0b..5adcd3f3d0c8093c32057afc035486bf17326c29 100644
--- a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
@@ -11,19 +11,8 @@ data:
       user: ${admin_email}
       password: ${userbackend_admin_password}
       db:
-        password: ${userbackend_postgres_password}
-
-    postgresql:
-      persistence:
-        existingClaim: single-sign-on-database
-      initdbScripts:
-        setup.sql: |
-          CREATE USER hydra WITH PASSWORD '${hydra_postgresql_password}';
-          CREATE USER kratos WITH PASSWORD '${kratos_postgresql_password}';
-          CREATE USER stackspin WITH PASSWORD '${dashboard_postgresql_password}';
-          CREATE DATABASE kratos WITH OWNER kratos;
-          CREATE DATABASE hydra WITH OWNER hydra;
-          CREATE DATABASE stackspin WITH OWNER stackspin;
+        hostname: single-sign-on-database-postgresql
+        password: ${dashboard_postgresql_password}
 
     hydra-maester:
       # Watches the flux-system namespace because that is where the app
@@ -44,7 +33,7 @@ data:
           secrets:
             system:
               - "${hydra_system_secret}"
-          dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-postgresql:5432/hydra"
+          dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-database-postgresql:5432/hydra"
       ingress:
         public:
           enabled: true
@@ -66,7 +55,7 @@ data:
     kratos:
       kratos:
         config:
-          dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-postgresql:5432/kratos"
+          dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-database-postgresql:5432/kratos"
           serve:
             public:
               base_url: https://sso.${domain}/api/
diff --git a/install/templates/stackspin-single-sign-on-variables.yaml.jinja b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
index 56ccc93f9bc7c944bc362d67afa7c01d83cb28f5..e11fbae5df1d5141d39404c0558ad599cb2e2152 100644
--- a/install/templates/stackspin-single-sign-on-variables.yaml.jinja
+++ b/install/templates/stackspin-single-sign-on-variables.yaml.jinja
@@ -10,4 +10,3 @@ data:
   kratos_postgresql_password: "{{ 32 | generate_password | b64encode }}"
   kratos_session_secret: "{{ 32 | generate_password | b64encode }}"
   userbackend_admin_password: "{{ 32 | generate_password | b64encode }}"
-  userbackend_postgres_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/stackspin/cluster.py b/stackspin/cluster.py
index c98858ac3bd05b86ff5e0a326b43133cd2809b1f..fd9f8fdd539a8354c469126569c97906211e038f 100644
--- a/stackspin/cluster.py
+++ b/stackspin/cluster.py
@@ -210,7 +210,7 @@ KUBECONFIG={cluster_dir}/kube_config_cluster.yml
                     'onlyoffice_rabbitmq_password'],
                 'stackspin-single-sign-on-variables': [
                     'userbackend_admin_password',
-                    'userbackend_postgres_password',
+                    'dashboard_postgresql_password',
                     'hydra_system_secret'],
                 'stackspin-wordpress-variables': [
                     'wordpress_admin_password',