diff --git a/README.md b/README.md
index 1edc211..1a80c26 100644
--- a/README.md
+++ b/README.md
@@ -258,7 +258,7 @@ values which are defined [here](https://github.com/grafana/helm-charts/tree/main | global.dashboards.timerange | string | `"12h"` | how far back dashboards should look | | global.externalScheme | string | `"http"` | | | global.externalZone | string | `"svc.cluster.local"` | | -| global.postgres | object | `{"alerts":{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}},"database":"coder","exporter":{"image":"quay.io/prometheuscommunity/postgres-exporter"},"hostname":"localhost","mountSecret":"secret-postgres","password":null,"port":5432,"sslmode":"disable","sslrootcert":"/home/coder/.postgresql/rootcert.pem","username":"coder","volumeMounts":[{"mountPath":"/home/coder/.postgresql","name":"pg-certs-mount","readOnly":true}],"volumes":[{"configMap":{"name":"pg-certs-mount-config-map"},"name":"pg-certs-mount"}]}` | postgres connection information NOTE: these settings are global so we can parameterise some values which get rendered by subcharts | +| global.postgres | object | `{"alerts":{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}},"database":"coder","exporter":{"image":"quay.io/prometheuscommunity/postgres-exporter"},"hostname":"localhost","mountSecret":"secret-postgres","password":null,"port":5432,"sslmode":"disable","sslrootcert":null,"username":"coder","volumeMounts":[],"volumes":[]}` | postgres connection information NOTE: these settings are global so we can parameterise some values which get rendered by subcharts | | global.postgres.alerts | object | 
`{"groups":{"Basic":{"delay":"1m","enabled":true},"Connections":{"delay":"5m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}},"Notifications":{"delay":"15m","enabled":true,"thresholds":{"critical":0.9,"notify":0.5,"warning":0.8}}}}` | alerts for postgres | | global.telemetry | object | `{"metrics":{"scrape_interval":"15s","scrape_timeout":"12s"}}` | control telemetry collection | | global.telemetry.metrics | object | `{"scrape_interval":"15s","scrape_timeout":"12s"}` | control metric collection | diff --git a/coder-observability/templates/_helpers.tpl b/coder-observability/templates/_helpers.tpl index f4b455e..0d8578d 100644 --- a/coder-observability/templates/_helpers.tpl +++ b/coder-observability/templates/_helpers.tpl 
@@ -66,12 +66,20 @@ Create the name of the service account to use {{- if and .Values.global.postgres.password (eq .Values.global.postgres.sslmode "disable") -}} postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }} {{- else if and .Values.global.postgres.password (ne .Values.global.postgres.sslmode "disable") -}} +{{- if .Values.global.postgres.sslrootcert -}} postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}&sslrootcert={{ .Values.global.postgres.sslrootcert }} +{{- else -}} +postgresql://{{ .Values.global.postgres.username }}:{{ urlquery .Values.global.postgres.password }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }} +{{- end -}} {{- else if and .Values.global.postgres.mountSecret (eq .Values.global.postgres.sslmode "disable") -}} postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }} {{- else if and .Values.global.postgres.mountSecret (ne .Values.global.postgres.sslmode "disable") -}} +{{- if .Values.global.postgres.sslrootcert -}} postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname }}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }}&sslrootcert={{ .Values.global.postgres.sslrootcert }} {{- else -}} +postgresql://{{ .Values.global.postgres.username }}@{{ .Values.global.postgres.hostname 
}}:{{ .Values.global.postgres.port }}/{{ .Values.global.postgres.database }}?sslmode={{ .Values.global.postgres.sslmode }} +{{- end -}} +{{- else -}} {{ fail "either postgres.password or postgres.mountSecret must be defined" }} {{- end -}} {{- end }} diff --git a/coder-observability/templates/statefulset-postgres-exporter.yaml b/coder-observability/templates/statefulset-postgres-exporter.yaml index 4f33f25..a1f6e55 100644 --- a/coder-observability/templates/statefulset-postgres-exporter.yaml +++ b/coder-observability/templates/statefulset-postgres-exporter.yaml @@ -30,9 +30,11 @@ spec: - name: DATA_SOURCE_NAME value: '{{ include "postgres-connector-string" . }}' {{ include "postgres-secret-mount" . | nindent 10 }} - + {{- if .Values.global.postgres.volumeMounts }} volumeMounts: {{ toYaml .Values.global.postgres.volumeMounts | nindent 12 }} - + {{- end }} + {{- if .Values.global.postgres.volumes }} volumes: - {{ toYaml .Values.global.postgres.volumes | nindent 8 }} \ No newline at end of file + {{ toYaml .Values.global.postgres.volumes | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/coder-observability/values.yaml b/coder-observability/values.yaml index c4277d7..6d06981 100644 --- a/coder-observability/values.yaml +++ b/coder-observability/values.yaml 
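Review bot: The `sslrootcert` value, now emitted only inside the two added `{{- if .Values.global.postgres.sslrootcert -}}` guards, is still written into the query string unescaped, while the password next to it goes through `urlquery`. A path containing `&`, `?`, `#`, a space or a quote would change how the connection parameters parse, or break the single-quoted `value:` that the StatefulSet wraps around this string; `&sslrootcert={{ urlquery .Values.global.postgres.sslrootcert }}` closes that. The four near-identical URIs could also be assembled once, with the `:password` and `&sslrootcert=` parts appended conditionally, so the escaping lives in one place. The enclosing `define` starts above the hunk, so this is based on the visible branches only.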
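Review bot: `volumeMounts` and `volumes` are guarded by two independent `if` blocks, so a values file that sets only one of them renders either a mount that references an undefined volume or a volume that is never mounted. Nothing here ties either list to `global.postgres.sslrootcert`, so a CA path with no matching mount would only surface when the exporter tries to connect. A comment above the two blocks, such as `# both lists must be set together when sslrootcert points at a mounted file`, would make the coupling visible. As a style point, `{{- with .Values.global.postgres.volumeMounts }}` followed by `{{ toYaml . | nindent 12 }}` avoids repeating the long value path. The file still ends without a trailing newline.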
@@ -123,23 +123,17 @@ global: password: database: coder sslmode: disable - # add root cert path if using SSL - sslrootcert: /home/coder/.postgresql/rootcert.pem + # SSL root certificate path - only required when sslmode != "disable" + sslrootcert: # ensure that your secret has a field named `PGPASSWORD` mountSecret: "secret-postgres" exporter: image: "quay.io/prometheuscommunity/postgres-exporter" - volumes: - - name: "pg-certs-mount" - configMap: - name: "pg-certs-mount-config-map" - - volumeMounts: - - name: "pg-certs-mount" - mountPath: "/home/coder/.postgresql" - readOnly: true + # volumes and volumeMounts for SSL certificates + volumes: [] + volumeMounts: [] # global.postgres.alerts -- alerts for postgres alerts: diff --git a/compiled/resources.yaml b/compiled/resources.yaml index 503f485..aff5679 100644 --- a/compiled/resources.yaml +++ b/compiled/resources.yaml @@ -12219,14 +12219,6 @@ spec: envFrom: - secretRef: name: secret-postgres - volumeMounts: - - mountPath: /home/coder/.postgresql - name: pg-certs-mount - readOnly: true - volumes: - - configMap: - name: pg-certs-mount-config-map - name: pg-certs-mount --- # Source: coder-observability/templates/statefulset-runbook-viewer.yaml apiVersion: apps/v1
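Review bot: The new comment on `sslrootcert` says the path is required whenever `sslmode` is not `disable`, but the template change in this commit explicitly allows omitting it. A CA file is what lets `verify-ca`/`verify-full` authenticate the server, whereas `require` on its own encrypts without verifying the certificate. I would word it as `# CA bundle path used to verify the server certificate (sslmode verify-ca / verify-full); the file must be supplied through volumes/volumeMounts below`, and write the empty default as `sslrootcert: null` so it matches the README and is not a bare key. With the default ConfigMap mount removed, a short commented example under `volumes: []` / `volumeMounts: []` would show how to provide that file. The default `sslmode: disable` is unchanged, so a note beside it that the exporter then connects without TLS would help operators.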