diff --git a/.do/deploy.template.yaml b/.do/deploy.template.yaml
index c643a46..b71ec80 100644
--- a/.do/deploy.template.yaml
+++ b/.do/deploy.template.yaml
@@ -36,6 +36,9 @@ spec:
     - key: DATABASE_URL
       scope: RUN_TIME
       value: ${turbo-db.DATABASE_URL}
+    - key: USE_DB_SSL
+      scope: RUN_TIME
+      value: "1"
   databases:
   - name: turbo-db
     engine: PG
diff --git a/config/runtime.exs b/config/runtime.exs
index 60546bc..b202c33 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -49,9 +49,10 @@ if config_env() == :prod do
       """
 
   maybe_ipv6 = if System.get_env("ECTO_IPV6"), do: [:inet6], else: []
+  use_db_ssl = System.get_env("USE_DB_SSL") == "1"
 
   config :turbo, Turbo.Repo,
-    # ssl: true,
+    ssl: use_db_ssl,
     url: database_url,
     pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10"),
     socket_options: maybe_ipv6
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 9d0b72a..ee7d04b 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -9,6 +9,8 @@ services:
     environment:
       # Postgres database URL pattern expected by Ecto: postgres://USER:PASS@HOST/DATABASE
       - DATABASE_URL=postgres://turbo_racer:please_replace_me@turbo_racer_db/turbo_racer
+      # If you want to use SSL when connecting to your DB
+      # - USE_DB_SSL=1
       - SECRET_KEY_BASE=please_replace_me_with_something_random_and_strong_at_least_64_characters_long
       - PHX_HOST=localhost
       - PORT=4000