diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml index aa21508..5aebddd 100644 --- a/service/files/defaults.yaml +++ b/service/files/defaults.yaml @@ -4,6 +4,8 @@ configs: db: root_password: "password" max_timeout: 60 + tls: + enabled: true percona: cluster_name: "k8scluster" xtrabackup_password: "password" diff --git a/service/files/my.cnf.j2 b/service/files/my.cnf.j2 index 973e991..d3f1334 100644 --- a/service/files/my.cnf.j2 +++ b/service/files/my.cnf.j2 @@ -35,9 +35,9 @@ wsrep_provider = /usr/lib/galera3/libgalera_smm.so wsrep_cluster_name = {{ percona.cluster_name }} wsrep_sst_method = xtrabackup-v2 wsrep_sst_auth = "xtrabackup:{{ percona.xtrabackup_password }}" -wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if percona.tls.enabled %};socket.ssl=yes;socket.ssl_key=/opt/ccp/etc/tls/server-key.pem;socket.ssl_cert=/opt/ccp/etc/tls/server-cert.pem;socket.ssl_ca=/opt/ccp/etc/tls/ca.pem"{% endif %} +wsrep_provider_options = "gcache.size={{ percona.gcache_size }};gcache.recover=yes{% if db.tls.enabled %};socket.ssl=yes;socket.ssl_key=/opt/ccp/etc/tls/server-key.pem;socket.ssl_cert=/opt/ccp/etc/tls/server-cert.pem;socket.ssl_ca=/opt/ccp/etc/tls/ca.pem"{% endif %} -{% if percona.tls.enabled %} +{% if db.tls.enabled %} ssl-ca = /opt/ccp/etc/tls/ca.pem ssl-cert = /opt/ccp/etc/tls/server-cert.pem ssl-key = /opt/ccp/etc/tls/server-key.pem diff --git a/service/galera.yaml b/service/galera.yaml index c536154..2cfb964 100644 --- a/service/galera.yaml +++ b/service/galera.yaml @@ -15,7 +15,7 @@ service: daemon: files: - galera-checker - # {% if percona.tls.enabled %} + # {% if db.tls.enabled %} - ca.pem - server-key.pem - server-cert.pem @@ -36,7 +36,7 @@ service: files: - haproxy-conf - haproxy_entrypoint - # {% if percona.tls.enabled %} + # {% if db.tls.enabled %} - ca.pem - server-key.pem - server-cert.pem 
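Review bot: The new `db.tls.enabled` key has no comment saying what it controls, and in this commit it gates three things at once: Galera replication `socket.ssl`, the `ssl-ca`/`ssl-cert`/`ssl-key` settings in my.cnf.j2, and the certificate files listed in galera.yaml. I would add a comment above `tls:` such as `# TLS for replication traffic and the ssl-* server settings; needs ca.pem, server-cert.pem and server-key.pem`. Overrides that still set `percona.tls.enabled` are presumably no longer read by the templates after the rename, so an old override of `false` would be ignored and TLS left on by this default. That is the safe direction, but it deserves a line in the upgrade notes.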
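Review bot: The closing double quote of `wsrep_provider_options` sits inside the `{% if db.tls.enabled %}` branch, so with TLS disabled the rendered value is left without its terminating quote. The rename carries this over from the old line. Moving the quote behind the block fixes it, so the line should end `socket.ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}"`. Separately, the `ssl-ca`/`ssl-cert`/`ssl-key` lines make TLS available, but nothing visible here refuses plaintext clients. The conditional block continues past the hunk, so I cannot tell whether it sets an enforcement option such as `require_secure_transport` on server versions that support it.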
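Review bot: `server-key.pem` is listed for the container whose files start with `galera-checker` in the @@ -15,7 hunk, for the haproxy file list in @@ -36,7, and for the database file list in @@ -79,7, all switched by the single `db.tls.enabled` flag. Only a component that terminates TLS needs the private key, and one that merely verifies the server needs `ca.pem` alone. Whether the checker and haproxy terminate TLS is not visible in these hunks, so this should be confirmed and the key dropped from any list that does not need it. A comment beside each entry, e.g. `# private key: required because this container terminates TLS`, would record the reason. The matching `# {% endif %}` lines lie outside the hunks.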
@@ -79,7 +79,7 @@ service: - entrypoint - mycnf - galera-checker - # {% if percona.tls.enabled %} + # {% if db.tls.enabled %} - ca.pem - server-key.pem - server-cert.pem @@ -107,7 +107,7 @@ files: path: /opt/ccp/bin/haproxy_entrypoint.py content: haproxy_entrypoint.py perm: "0755" -# {% if percona.tls.enabled %} +# {% if db.tls.enabled %} ca.pem: path: /opt/ccp/etc/tls/ca.pem content: ca.pem.j2
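Review bot: In the @@ -107,7 hunk the `ca.pem` entry under the renamed guard shows `path` and `content` but no `perm`, while the `haproxy_entrypoint.py` entry just above it sets `perm: "0755"` explicitly. The `server-key.pem` entry lies beyond the hunk, so its mode cannot be seen from here. It should carry an explicit owner-only mode, for example `perm: "0400"`, rather than inherit whatever the default is. A short comment on that entry, such as `# private key: readable by the service user only`, would keep the intent from being lost in later edits.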