diff --git a/roles/postgres_hardening/defaults/main.yml b/roles/postgres_hardening/defaults/main.yml
index d8f7bc259..bc4448ce6 100644
--- a/roles/postgres_hardening/defaults/main.yml
+++ b/roles/postgres_hardening/defaults/main.yml
@@ -21,4 +21,4 @@ log_disconnections: "on"
 log_duration: "on"
 log_hostname: "on"
 log_directory: pg_log
-log_line_prefix: "%t %u %d %h"
\ No newline at end of file
+log_line_prefix: "%t %u %d %h"
diff --git a/roles/postgres_hardening/tasks/hardening.yml b/roles/postgres_hardening/tasks/hardening.yml
index df53dd167..dfe58bfd3 100644
--- a/roles/postgres_hardening/tasks/hardening.yml
+++ b/roles/postgres_hardening/tasks/hardening.yml
@@ -87,14 +87,6 @@
     group: "{{ postgres_group }}"
     mode: u=rw,g=r,o=
 
-- name: Manage permissions on /etc/postgresql//main/pg_hba.conf
-  ansible.builtin.file:
-    path: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
-    state: file
-    owner: "{{ postgres_user }}"
-    group: "{{ postgres_group }}"
-    mode: u=rw,g=,o=
-
 #################################
 # POSTGRES-11/12/16 #############
 #################################
@@ -125,6 +117,18 @@
     regexp: "#?log_line_prefix\\s?="
   notify: Restart postgres
 
+#################################
+# POSTGRES-13/14/15 #############
+#################################
+- name: Secure pg_hba.conf Configuration
+  ansible.builtin.template:
+    src: templates/pg_hba.conf
+    dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+    owner: "{{ postgres_user }}"
+    group: "{{ postgres_group }}"
+    mode: u=rw,g=,o=
+  notify: Restart postgres
+
 #################################
 # POSTGRES-20 ###################
 #################################
diff --git a/roles/postgres_hardening/templates/pg_hba.conf b/roles/postgres_hardening/templates/pg_hba.conf
new file mode 100644
index 000000000..61f853bfc
--- /dev/null
+++ b/roles/postgres_hardening/templates/pg_hba.conf
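Review bot: The new "Secure pg_hba.conf Configuration" task overwrites the whole pg_hba.conf with a fixed rule set (the template added in this commit admits only local peer and loopback hostssl connections), so any rules already present on the host are discarded on the first run with nothing kept for rollback; add `backup: true` to the `ansible.builtin.template` arguments so the previous file is preserved next to the new one. `dest` interpolates `{{ postgres_version }}` unquoted, while the task removed in the previous hunk quoted the same path; for consistency write `dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"`. `src: templates/pg_hba.conf` presumably resolves through the role-root fallback of the template search path, but the conventional form is `src: pg_hba.conf`, since the module already looks in the role's templates directory. A pg_hba.conf change only needs a reload to take effect, so notifying `Restart postgres` is heavier than required; if the role has a reload handler, or gains one, it would be the less disruptive choice here.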
@@ -0,0 +1,5 @@
+local all postgres peer
+local all all peer
+hostssl all all 127.0.0.1/32 scram-sha-256
+hostssl all all ::1/128 scram-sha-256
+local replication all peer
\ No newline at end of file
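Review bot: The two `hostssl` rules are the only TCP entries, so loopback TCP clients can connect only if the server actually has SSL enabled; if `ssl` is off in postgresql.conf, or the certificate is missing, every TCP client is refused and nothing in this hunk or in the template task guards against that — confirm the role enables SSL, or record the dependency in a comment at the top of the file. The `scram-sha-256` method likewise presumes role passwords were stored with `password_encryption = scram-sha-256`; accounts whose passwords are still md5 hashes cannot authenticate under these rules, which is worth stating in the same comment. Because the file is rendered by `ansible.builtin.template`, a first line such as `# {{ ansible_managed }}` would mark it as role-managed for anyone tempted to edit it by hand (pg_hba.conf accepts `#` comments). The final `local replication all peer` line is required rather than redundant, since `all` never matches physical replication connections.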