diff --git a/azure-db/bin/create-db-secret b/azure-db/bin/create-db-secret
new file mode 100755
index 000000000..7f7a3d951
--- /dev/null
+++ b/azure-db/bin/create-db-secret
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+
+MANDATORY_VARS="K8S_NS PGPASSWORD_SECRET_NAME"
+for VAR in $MANDATORY_VARS; do
+  if [[ -z "${!VAR}" ]]; then
+    echo "${VAR} environment variable is empty"
+    exit 1
+  fi
+done
+
+if [ -n "$(kubectl -n $K8S_NS get secret $PGPASSWORD_SECRET_NAME 2>/dev/null)" ]; then
+  echo "PGPASSWORD secret named '$PGPASSWORD_SECRET_NAME' already exists in namespace '$K8S_NS'"
+  exit 0
+fi
+
+PGPASSWORD=$(node -e "console.log(require('crypto').randomBytes(16).toString('base64').replace(/[^a-z0-9]/gi , ''))")
+kubectl -n $K8S_NS create secret generic $PGPASSWORD_SECRET_NAME --from-literal=PGPASSWORD=$PGPASSWORD
+
+echo "PGPASSWORD secret named '$PGPASSWORD_SECRET_NAME' created in namespace '$K8S_NS'"