diff --git a/pillar/dbserver/cluster-A.sls b/pillar/dbserver/cluster-A.sls
--- a/pillar/dbserver/cluster-A.sls
+++ b/pillar/dbserver/cluster-A.sls
@@ -27,6 +27,14 @@
           privileges:
             - ALL
 
+    orbeon:
+      password: dbserver/cluster-A/users/orbeon
+      privileges:
+        - database: forms
+          scope: schema
+          privileges:
+            - ALL
+
   databases:
     airflow:
       encoding: UTF8
@@ -38,6 +46,10 @@
       extensions:
         - pg_trgm
 
+    forms:
+      encoding: UTF8
+      owner: orbeon
+
   # Network connections allowed in pg_hba.conf
   connections:
     - db: airflow
@@ -47,3 +59,8 @@
     - db: fantoir
       user: fantoir
       ips: 172.27.27.0/28
+
+    - db: forms
+      user: orbeon
+      ips: &dwellers 172.27.27.4/32
+      method: password
diff --git a/roles/dbserver-pgsql/server/files/pg_hba.conf b/roles/dbserver-pgsql/server/files/pg_hba.conf
--- a/roles/dbserver-pgsql/server/files/pg_hba.conf
+++ b/roles/dbserver-pgsql/server/files/pg_hba.conf
@@ -24,7 +24,7 @@
 
 # External connections
 {%- for conn in connections %}
-host    {{ "%-15s" | format(conn.db) }} {{ "%-15s" | format(conn.user) }} {{ "%-23s" | format(conn.ips) }} scram-sha-256
+host    {{ "%-15s" | format(conn.db) }} {{ "%-15s" | format(conn.user) }} {{ "%-23s" | format(conn.ips) }} {{ conn.method | default("scram-sha-256") }}
 {%- endfor %}
 
 # Allow replication connections from localhost, by a user with the