diff --git a/Dockerfile-base b/Dockerfile-base index 732798d8b..3574cadb1 100644 --- a/Dockerfile-base +++ b/Dockerfile-base @@ -43,14 +43,18 @@ RUN set -ex \ WORKDIR /opt/jumpserver ARG PIP_MIRROR=https://pypi.org/simple +ENV ANSIBLE_COLLECTIONS_PATHS=/opt/py3/lib/python3.11/site-packages/ansible_collections + RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \ --mount=type=bind,source=poetry.lock,target=poetry.lock \ --mount=type=bind,source=pyproject.toml,target=pyproject.toml \ --mount=type=bind,source=utils/clean_site_packages.sh,target=clean_site_packages.sh \ + --mount=type=bind,source=requirements/collections.yml,target=collections.yml \ set -ex \ && python3 -m venv /opt/py3 \ && pip install poetry -i ${PIP_MIRROR} \ && poetry config virtualenvs.create false \ && . /opt/py3/bin/activate \ && poetry install --only main \ + && ansible-galaxy collection install -r collections.yml --force --ignore-certs \ && bash clean_site_packages.sh diff --git a/apps/accounts/automations/change_secret/database/mysql/main.yml b/apps/accounts/automations/change_secret/database/mysql/main.yml index 15648e76d..0d8452a4a 100644 --- a/apps/accounts/automations/change_secret/database/mysql/main.yml +++ b/apps/accounts/automations/change_secret/database/mysql/main.yml @@ -6,7 +6,7 @@ check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Test MySQL connection diff --git a/apps/accounts/automations/change_secret/database/postgresql/main.yml b/apps/accounts/automations/change_secret/database/postgresql/main.yml index b73baac4a..de7dfe019 100644 --- a/apps/accounts/automations/change_secret/database/postgresql/main.yml 
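Review bot: `--ignore-certs` on the added `ansible-galaxy collection install` line switches off TLS certificate verification for the Galaxy download, so the image build accepts whatever the network returns for a dependency that then runs inside every automation job; the exact version pin in collections.yml does not compensate because nothing checks a digest or signature. Drop the flag, `&& ansible-galaxy collection install -r collections.yml --force \`, and if an internal mirror with a private CA is the real motivation, expose that as an opt-in build ARG the way `PIP_MIRROR` already is rather than disabling verification unconditionally. Two smaller points on the same hunk: the new `ENV ANSIBLE_COLLECTIONS_PATHS` hardcodes `python3.11` in the site-packages path and will silently point at an empty directory when the base image's Python moves, and the plural `ANSIBLE_COLLECTIONS_PATHS` is presumably the deprecated spelling (ansible-core prefers `ANSIBLE_COLLECTIONS_PATH`), so confirm against the pinned ansible-core whether this emits a deprecation warning on every run.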
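Review bot: The `ssl_key` correction in this hunk is one of fourteen byte-identical edits to the same four-line TLS vars block, and the bug being fixed (the client certificate pasted into `ssl_key`, so every database automation presented a cert with no matching key) is exactly the drift that copy-pasted connection settings invite; the same change is repeated in the change_secret, gather_accounts, push_account, remove_account and verify_account mysql/postgresql playbooks and in the assets gather_facts and ping playbooks. Consider pulling `check_ssl`/`check_ca`, `ca_cert`, `ssl_cert` and `ssl_key` into one shared file loaded with `vars_files`, so the next fix lands once instead of fourteen times. Note also that with `default('')` an asset holding a client certificate but no key hands `ssl_key: ''` to the module instead of omitting the parameter — fine if the mysql and postgresql modules treat an empty string as unset, but worth confirming rather than assuming. The enclosing play header lies outside the hunk.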
+++ b/apps/accounts/automations/change_secret/database/postgresql/main.yml @@ -6,7 +6,7 @@ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Test PostgreSQL connection diff --git a/apps/accounts/automations/gather_accounts/database/mysql/main.yml b/apps/accounts/automations/gather_accounts/database/mysql/main.yml index 92121189d..37e446502 100644 --- a/apps/accounts/automations/gather_accounts/database/mysql/main.yml +++ b/apps/accounts/automations/gather_accounts/database/mysql/main.yml @@ -5,7 +5,7 @@ check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Get info diff --git a/apps/accounts/automations/gather_accounts/database/postgresql/main.yml b/apps/accounts/automations/gather_accounts/database/postgresql/main.yml index fd27ab132..10bd75fce 100644 --- a/apps/accounts/automations/gather_accounts/database/postgresql/main.yml +++ b/apps/accounts/automations/gather_accounts/database/postgresql/main.yml @@ -6,7 +6,7 @@ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Get info 
diff --git a/apps/accounts/automations/push_account/database/mysql/main.yml b/apps/accounts/automations/push_account/database/mysql/main.yml index 15648e76d..0d8452a4a 100644 --- a/apps/accounts/automations/push_account/database/mysql/main.yml +++ b/apps/accounts/automations/push_account/database/mysql/main.yml @@ -6,7 +6,7 @@ check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Test MySQL connection diff --git a/apps/accounts/automations/push_account/database/postgresql/main.yml b/apps/accounts/automations/push_account/database/postgresql/main.yml index 3678e4fe2..7a12a4452 100644 --- a/apps/accounts/automations/push_account/database/postgresql/main.yml +++ b/apps/accounts/automations/push_account/database/postgresql/main.yml @@ -6,7 +6,7 @@ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Test PostgreSQL connection diff --git a/apps/accounts/automations/remove_account/database/mysql/main.yml b/apps/accounts/automations/remove_account/database/mysql/main.yml index 07b84a58b..f877dfe18 100644 --- a/apps/accounts/automations/remove_account/database/mysql/main.yml +++ b/apps/accounts/automations/remove_account/database/mysql/main.yml 
@@ -5,7 +5,7 @@ check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: "Remove account" diff --git a/apps/accounts/automations/remove_account/database/postgresql/main.yml b/apps/accounts/automations/remove_account/database/postgresql/main.yml index 4738fcd04..20290fdb9 100644 --- a/apps/accounts/automations/remove_account/database/postgresql/main.yml +++ b/apps/accounts/automations/remove_account/database/postgresql/main.yml @@ -6,7 +6,7 @@ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: "Remove account" diff --git a/apps/accounts/automations/verify_account/database/mysql/main.yml b/apps/accounts/automations/verify_account/database/mysql/main.yml index ab6a4d33b..2c4ae5c0b 100644 --- a/apps/accounts/automations/verify_account/database/mysql/main.yml +++ b/apps/accounts/automations/verify_account/database/mysql/main.yml @@ -5,7 +5,7 @@ check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Verify account 
diff --git a/apps/accounts/automations/verify_account/database/postgresql/main.yml b/apps/accounts/automations/verify_account/database/postgresql/main.yml index 24fdd6cb6..5f5aa4689 100644 --- a/apps/accounts/automations/verify_account/database/postgresql/main.yml +++ b/apps/accounts/automations/verify_account/database/postgresql/main.yml @@ -6,7 +6,7 @@ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Verify account diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index c9de04baf..da3e2353f 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py @@ -170,6 +170,7 @@ class BasePlaybookManager: result = self.write_cert_to_file( os.path.join(cert_dir, f), specific.get(f) ) + os.chmod(result, 0o600) host['jms_asset']['secret_info'][f] = result return host diff --git a/apps/assets/automations/gather_facts/database/mysql/main.yml b/apps/assets/automations/gather_facts/database/mysql/main.yml index 24d0acde4..ac8c27ac2 100644 --- a/apps/assets/automations/gather_facts/database/mysql/main.yml +++ b/apps/assets/automations/gather_facts/database/mysql/main.yml @@ -5,7 +5,7 @@ check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Get info 
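Review bot: `os.chmod(result, 0o600)` tightens the key file only after `write_cert_to_file` has already created it under the process umask, so between creation and the chmod the private key can be readable by other local users; the robust form is to create the file restrictively inside `write_cert_to_file` itself, e.g. opening with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` and wrapping the descriptor, rather than fixing permissions up afterwards. The chmod also assumes `result` is the path that was written — consistent with it being stored into `secret_info` on the next line, but `write_cert_to_file` and the enclosing method both lie outside the hunk, so confirm it cannot return None on a failed write, which would turn a missing cert into a TypeError here. `cert_dir` itself presumably deserves the same restrictive mode, since the directory is what makes the key files discoverable.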
diff --git a/apps/assets/automations/gather_facts/database/postgresql/main.yml b/apps/assets/automations/gather_facts/database/postgresql/main.yml index e7bea6002..8a95cdba7 100644 --- a/apps/assets/automations/gather_facts/database/postgresql/main.yml +++ b/apps/assets/automations/gather_facts/database/postgresql/main.yml @@ -6,7 +6,7 @@ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Get info diff --git a/apps/assets/automations/ping/database/mysql/main.yml b/apps/assets/automations/ping/database/mysql/main.yml index 2a05ee2ab..8326402cd 100644 --- a/apps/assets/automations/ping/database/mysql/main.yml +++ b/apps/assets/automations/ping/database/mysql/main.yml @@ -5,7 +5,7 @@ check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Test MySQL connection diff --git a/apps/assets/automations/ping/database/postgresql/main.yml b/apps/assets/automations/ping/database/postgresql/main.yml index 3b29340e0..5e072f63a 100644 --- a/apps/assets/automations/ping/database/postgresql/main.yml +++ b/apps/assets/automations/ping/database/postgresql/main.yml 
@@ -6,7 +6,7 @@ check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}" ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}" ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}" - ssl_key: "{{ jms_asset.secret_info.client_cert | default('') }}" + ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}" tasks: - name: Test PostgreSQL connection diff --git a/requirements/collections.yml b/requirements/collections.yml new file mode 100644 index 000000000..c6ab2ad91 --- /dev/null +++ b/requirements/collections.yml @@ -0,0 +1,3 @@ +collections: + - name: community.postgresql + version: 2.4.0 \ No newline at end of file
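Review bot: The new requirements file pins community.postgresql to an exact version, which helps reproducibility, but nothing verifies what Galaxy actually served; ansible-galaxy can verify detached signatures when the installed ansible-core is recent enough (a `signatures:` list under the collection entry plus `--keyring` on the install command), which would close the gap left by relying on transport security alone — worth adding if the pinned ansible-core supports it. The file also lacks a trailing newline, as the `\ No newline at end of file` marker shows; add one so later appends diff cleanly.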