diff --git a/service/files/heat.conf.j2 b/service/files/heat.conf.j2
index c19c43a..3ad4fa4 100644
--- a/service/files/heat.conf.j2
+++ b/service/files/heat.conf.j2
@@ -16,7 +16,7 @@ reauthentication_auth_method = trusts
 endpoint_type = internalURL
 
 [database]
-connection = mysql+pymysql://{{ heat.db.username }}:{{ heat.db.password }}@{{ address(service.database) }}/{{ heat.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
+connection = mysql+pymysql://{{ heat.db.username }}:{{ heat.db.password }}@{{ address(service.database) }}/{{ heat.db.name }}{% if db.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
 
 {{ keystone_authtoken.keystone_authtoken(heat.user, heat.password) }}
 
diff --git a/service/heat-api.yaml b/service/heat-api.yaml
index 44229cd..f30c309 100644
--- a/service/heat-api.yaml
+++ b/service/heat-api.yaml
@@ -14,9 +14,9 @@ service:
           command:
             mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ heat.db.name }};
             create user '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}'
-            {% if percona.tls.enabled %} require ssl {% endif %};
+            {% if db.tls.enabled %} require ssl {% endif %};
             grant all privileges on {{ heat.db.name }}.* to '{{ heat.db.username }}'@'%' identified by '{{ heat.db.password }}'
-            {% if percona.tls.enabled %} require ssl {% endif %};"
+            {% if db.tls.enabled %} require ssl {% endif %};"
         - name: heat-db-sync
           files:
             - heat-conf