diff --git a/cmd/zitadel/startup.yaml b/cmd/zitadel/startup.yaml
index 1295c2861f..d30d424b9b 100644
--- a/cmd/zitadel/startup.yaml
+++ b/cmd/zitadel/startup.yaml
@@ -34,6 +34,7 @@ EventstoreBase:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -60,6 +61,7 @@ Queries:
 MaxOpenConns: 2
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -82,6 +84,7 @@ Projections:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -105,6 +108,7 @@ AuthZ:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -123,6 +127,7 @@ AuthZ:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -149,6 +154,7 @@ Auth:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -168,6 +174,7 @@ Auth:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -182,6 +189,7 @@ Auth:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -208,6 +216,7 @@ Admin:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -226,6 +235,7 @@ Admin:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -252,6 +262,7 @@ Mgmt:
 MaxOpenConns: 3
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -265,6 +276,7 @@ Mgmt:
 Host: $ZITADEL_EVENTSTORE_HOST
 Port: $ZITADEL_EVENTSTORE_PORT
 User: 'management'
+ Options: $CR_OPTIONS
 Database: 'management'
 Password: $CR_MANAGEMENT_PASSWORD
 MaxOpenConns: 3
@@ -383,6 +395,7 @@ Notification:
 MaxOpenConns: 2
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
@@ -401,6 +414,7 @@ Notification:
 MaxOpenConns: 2
 MaxConnLifetime: 30m
 MaxConnIdleTime: 30m
+ Options: $CR_OPTIONS
 SSL:
 Mode: $CR_SSL_MODE
 RootCert: $CR_ROOT_CERT
diff --git a/internal/config/types/sql.go b/internal/config/types/sql.go
index 561a6980d8..59b1075d3b 100644
--- a/internal/config/types/sql.go
+++ b/internal/config/types/sql.go
@@ -24,6 +24,10 @@ type SQL struct {
 MaxOpenConns uint32
 MaxConnLifetime Duration
 MaxConnIdleTime Duration
+
+ //Additional options to be appended as options=
+ //The value will be taken as is. So be sure to separate multiple options by a space
+ Options string
 }
 type SQLBase struct {
@@ -32,6 +36,10 @@ type SQLBase struct {
 Database string
 Schema string
 SSL sslBase
+
+ //Additional options to be appended as options=
+ //The value will be taken as is. So be sure to separate multiple options by a space
+ Options string
 }
 type SQLUser struct {
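Review bot: The comment on `Options` in `SQL` (and the identical one in `SQLBase`) says the value is taken as is, but not what that means for the space-joined connection string that connectionString() builds. A value containing a space is presumably read by the driver as the start of a further key=value pair unless the operator quotes it, and because `options=` is appended after `sslmode=`, such a value could add or override other connection parameters. I would spell that out on both fields, for example `// Options is appended unescaped as options=<value>; quote a value that contains spaces, and treat it as trusted configuration since it can add or override other connection parameters.` The driver's exact quoting rules are not visible in this diff, so the wording should be checked against it.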
@@ -68,23 +76,27 @@ func (s *SQL) connectionString() string {
 "application_name=zitadel",
 "sslmode=" + s.SSL.Mode,
 }
+ if s.Options != "" {
+ fields = append(fields, "options="+s.Options)
+ }
 if s.Password != "" {
 fields = append(fields, "password="+s.Password)
 }
-
+ s.checkSSL()
 if s.SSL.Mode != sslDisabledMode {
- fields = append(fields, []string{
- "sslrootcert=" + s.SSL.RootCert,
- "sslcert=" + s.SSL.Cert,
- "sslkey=" + s.SSL.Key,
- }...)
+ fields = append(fields, "sslrootcert="+s.SSL.RootCert)
+ if s.SSL.Cert != "" {
+ fields = append(fields, "sslcert="+s.SSL.Cert)
+ }
+ if s.SSL.Cert != "" {
+ fields = append(fields, "sslkey="+s.SSL.Key)
+ }
 }
 return strings.Join(fields, " ")
 }
 func (s *SQL) Start() (*sql.DB, error) {
- s.checkSSL()
 client, err := sql.Open("postgres", s.connectionString())
 if err != nil {
 return nil, errors.ThrowPreconditionFailed(err, "TYPES-9qBtr", "unable to open database connection")
@@ -103,7 +115,7 @@ func (s *SQL) checkSSL() {
 s.SSL = &ssl{sslBase: sslBase{Mode: sslDisabledMode}}
 return
 }
- if s.SSL.Cert == "" || s.SSL.Key == "" || s.SSL.RootCert == "" {
+ if s.SSL.RootCert == "" {
 logging.LogWithFields("TYPES-LFdzP",
 "cert set", s.SSL.Cert != "",
 "key set", s.SSL.Key != "",
@@ -119,6 +131,7 @@ func (u SQLUser) Start(base SQLBase) (*sql.DB, error) {
 User: u.User,
 Password: u.Password,
 Database: base.Database,
+ Options: base.Options,
 SSL: &ssl{
 sslBase: sslBase{
 Mode: base.SSL.Mode,
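Review bot: The `sslkey` field is guarded by a second `if s.SSL.Cert != "" {`, so whether the key path is sent depends on the certificate being set, not the key; the guard should read `if s.SSL.Key != "" {`. In addition, `s.checkSSL()` now runs after the `fields` literal has already read `"sslmode=" + s.SSL.Mode`, whereas Start() used to call it before the string was built. Since checkSSL can replace `s.SSL` with a disabled-mode default (visible in the next hunk), the emitted `sslmode` may no longer match the normalised value, and a nil `s.SSL` would presumably be dereferenced before the default is applied. Making `s.checkSSL()` the first statement of connectionString() would restore the old order; the start of the function lies outside this hunk.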
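Review bot: A client certificate configured without its key, or a key without its certificate, is no longer caught, because the condition now tests only `s.SSL.RootCert == ""`. If the two are meant to be optional as a pair, a separate check such as `if (s.SSL.Cert == "") != (s.SSL.Key == "") {` with its own log entry would surface the misconfiguration instead of handing a partial pair to the driver. The log call and the rest of checkSSL continue outside the hunk, so what happens after the log is not visible here.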