diff --git a/contrib/helm/clair/requirements.yaml b/contrib/helm/clair/requirements.yaml
new file mode 100644
index 00000000..ef1fd2cc
--- /dev/null
+++ b/contrib/helm/clair/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+ - name: postgresql
+ version: "*"
+ condition: postgresql.enabled
+ repository: "alias:stable"
\ No newline at end of file
diff --git a/contrib/helm/clair/templates/_helpers.tpl b/contrib/helm/clair/templates/_helpers.tpl
index f0d83d2e..e91cc6b6 100644
--- a/contrib/helm/clair/templates/_helpers.tpl
+++ b/contrib/helm/clair/templates/_helpers.tpl
@@ -14,3 +14,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+Create a default fully qualified postgresql name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "postgresql.fullname" -}}
+{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/contrib/helm/clair/templates/configmap.yaml b/contrib/helm/clair/templates/configmap.yaml
index 6a9858ff..e30cab3e 100644
--- a/contrib/helm/clair/templates/configmap.yaml
+++ b/contrib/helm/clair/templates/configmap.yaml
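Review bot: `version: "*"` in requirements.yaml lets `helm dependency update` resolve to whatever postgresql chart version the repository serves at build time, so the bundled database chart can change between builds without any change to this chart. Pin a reviewed range, for example `version: "<reviewed-range>"`, and commit the generated `requirements.lock` so builds are reproducible. `repository: "alias:stable"` is likewise resolved through whatever repository the builder has registered locally under the name `stable`; giving the repository URL explicitly removes that dependence on local configuration.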
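Review bot: In _helpers.tpl the added description ends with `*/}}` but nothing in the lines shown opens it, so the two description lines and the `*/}}` are literal template text rather than a comment; the first added line should be `{{/*`. Named templates are shared across a chart and its subcharts, so defining `postgresql.fullname` here will presumably collide with a helper of the same name in the postgresql subchart; a chart-specific name such as `clair.postgresql.fullname` avoids one silently overriding the other. The helper also hard-codes the `postgresql` suffix, so if the subchart's naming is overridden the host in the generated connection string will no longer match the service; the comment should state that assumption.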
@@ -13,7 +13,12 @@ data:
 options:
 # PostgreSQL Connection string
 # https://www.postgresql.org/docs/current/static/libpq-connect.html#LIBPQ-CONNSTRING
+ # This should be done using secrets or Vault, but for now this will also work
+ {{- if .Values.config.postgresURI -}}
 source: "{{ .Values.config.postgresURI }}"
+ {{ else }}
+ source: "postgres://{{ .Values.postgresql.postgresUser }}:{{ .Values.postgresql.postgresPassword }}@{{ template "postgresql.fullname" . }}:5432/{{ .Values.postgresql.postgresDatabase }}?sslmode=disable"
+ {{ end }}
 # Number of elements kept in the cache
 # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
diff --git a/contrib/helm/clair/values.yaml b/contrib/helm/clair/values.yaml
index 4cf0953b..a30b8dcb 100644
--- a/contrib/helm/clair/values.yaml
+++ b/contrib/helm/clair/values.yaml
@@ -36,7 +36,7 @@ resources:
 cpu: 100m
 memory: 128Mi
 config:
- postgresURI: "postgres://user:password@host:5432/postgres?sslmode=disable"
+ # postgresURI: "postgres://user:password@host:5432/postgres?sslmode=disable"
 paginationKey: "XxoPtCUzrUv4JV5dS+yQ+MdW7yLEJnRMwigVY/bpgtQ="
 updateInterval: 2h
 notificationWebhookEndpoint: https://example.com/notify/me
@@ -56,3 +56,16 @@ config:
 - apk
 - dpkg
 - rpm
+# Configuration values for the postgresql dependency.
+# ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
+postgresql:
+ cpu: 1000m
+ memory: 1Gi
+# These values are hardcoded until Helm supports secrets.
+# For more info see: https://github.com/kubernetes/helm/issues/2196
+ postgresUser: clair
+ postgresPassword: clair
+ postgresDatabase: clair
+
+ persistence:
+ size: 10Gi
\ No newline at end of file
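Review bot: In configmap.yaml the trim markers on `{{- if .Values.config.postgresURI -}}` strip the newline on both sides, so when `postgresURI` is set the `source:` line is rendered onto the end of the preceding `#` comment line and Clair is left without a connection string; use `{{- if .Values.config.postgresURI }}`, `{{- else }}` and `{{- end }}` instead. The else branch writes the database password into a ConfigMap, which anything allowed to read ConfigMaps in the namespace can see, and it fixes `sslmode=disable`, so the password and scan data cross the pod network unencrypted; the added comment acknowledges the first, but the TLS mode should at least be a chart value. The user and password are also interpolated without percent-encoding, so a password containing `@`, `/` or `"` yields a broken URI or broken YAML. The `options:` mapping starts and ends outside the hunk.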
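Review bot: In the second values.yaml hunk, `postgresPassword: clair` ships a publicly known default, so every release installed without overriding it runs its database with the credentials `clair`/`clair`. The comment above it should say that the value must be overridden for any non-test install, or the default should be dropped and the configmap template made to fail when it is unset (Helm's `required` function does this). The `postgresql.enabled` condition used in requirements.yaml has no corresponding key in this block; adding `enabled: true` here would document how the bundled database is switched off when `config.postgresURI` points at an external server.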