diff --git a/deploy/services/helm-charts/dss/values.yaml b/deploy/services/helm-charts/dss/values.yaml
index 40897d127..aba6a1ab6 100644
--- a/deploy/services/helm-charts/dss/values.yaml
+++ b/deploy/services/helm-charts/dss/values.yaml
@@ -64,6 +64,8 @@ yugabyte:
       placement_cloud: "cloud-1"
       placement_region: "uss-1"
       placement_zone: "zone-1"
+      use_client_to_server_encryption: true
+      ysql_hba_conf_csv: 'hostssl all all 0.0.0.0/0 cert'
 
 monitoring:
   enabled: false
@@ -269,4 +271,3 @@ grafana:
   persistence:
     type: pvc
     enabled: true
->>>>>>> f3220540 ([helm] Add support for monitoring stack)
diff --git a/deploy/services/tanka/yugabyte-auxiliary.libsonnet b/deploy/services/tanka/yugabyte-auxiliary.libsonnet
index 8f3274f47..53c1e0d55 100644
--- a/deploy/services/tanka/yugabyte-auxiliary.libsonnet
+++ b/deploy/services/tanka/yugabyte-auxiliary.libsonnet
@@ -100,6 +100,7 @@ local yugabyteLB(metadata, name, ip) =
             --placement_zone=%s
             --use_private_ip=zone
             --node_to_node_encryption_use_client_certificates=true
+            --ysql_hba_conf_csv='hostssl all all 0.0.0.0/0 cert'
           ||| % [
             std.join(",", metadata.yugabyte.masterAddresses),
             metadata.yugabyte.tserver.rpc_bind_addresses,