diff --git a/src/cluster.py b/src/cluster.py
index 203a237d46..80da9b9ddf 100644
--- a/src/cluster.py
+++ b/src/cluster.py
@@ -559,7 +559,7 @@ def render_patroni_yml_file(
             primary_cluster_endpoint=self.charm.async_replication.get_primary_cluster_endpoint(),
             extra_replication_endpoints=self.charm.async_replication.get_standby_endpoints(),
         )
-        self.render_file(f"{PATRONI_CONF_PATH}/patroni.yaml", rendered, 0o644)
+        self.render_file(f"{PATRONI_CONF_PATH}/patroni.yaml", rendered, 0o600)
 
     def start_patroni(self) -> bool:
         """Start Patroni service using snap.
diff --git a/tests/unit/test_cluster.py b/tests/unit/test_cluster.py
index 6a861da776..e94f3bb2bd 100644
--- a/tests/unit/test_cluster.py
+++ b/tests/unit/test_cluster.py
@@ -318,7 +318,7 @@ def test_render_patroni_yml_file(peers_ips, patroni):
         _render_file.assert_called_once_with(
             "/var/snap/charmed-postgresql/current/etc/patroni/patroni.yaml",
             expected_content,
-            0o644,
+            0o600,
         )