diff --git a/scripts/helmcharts/databases/templates/job.yaml b/scripts/helmcharts/databases/templates/job.yaml
new file mode 100644
index 000000000..69880579c
--- /dev/null
+++ b/scripts/helmcharts/databases/templates/job.yaml
@@ -0,0 +1,113 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: update-db-passwords
+  namespace: default
+  annotations:
+    "helm.sh/hook": post-upgrade
+    "helm.sh/hook-weight": "-6" # Higher precidence, so the first the config map will get created.
+spec:
+  template:
+    spec:
+      containers:
+      {{- if .Values.postgres.oldPostgresqlPassword }}
+      - name: update-postgres-password
+        image: postgres:13
+        env:
+          - name: PGUSER
+            value: {{.Values.postgres.postgresqlUser}}
+          - name: PGPASSWORD
+            value: {{.Values.postgres.postgresqlPassword}}  # current password
+          - name: PGPASSWORD_OLD
+            value: {{.Values.postgres.oldPostgresqlPassword}}  # old password
+          - name: PGHOST
+            value: {{.Values.postgres.postgresqlHost}}
+          - name: PGPORT
+            value: {{.Values.postgres.postgresqlPort}}
+        command: ["/bin/bash", "-c", "--"]
+        args:
+          - |
+            # Try to login with the current password
+            if PGPASSWORD=$PGPASSWORD psql -h $PGHOST -p $PGPORT -U $PGUSER -d postgres -c '\q'; then
+              echo "Successfully logged in with current password. No update needed."
+              exit 0
+            else
+              echo "Failed to login with current password, trying with old password."
+              # Try to login with the old password
+              if PGPASSWORD=$PGPASSWORD_OLD psql -h $PGHOST -p $PGPORT -U $PGUSER -d postgres -c '\q'; then
+                echo "Successfully logged in with old password. Updating password to the new one."
+                # Update the password to the new one
+                new_password=$(openssl rand -hex 20)
+                PGPASSWORD=$PGPASSWORD_OLD psql -h $PGHOST -p $PGPORT -U $PGUSER -d postgres -c "ALTER USER $PGUSER WITH PASSWORD '$new_password';"
+                if [ $? -eq 0 ]; then
+                  echo "Password updated successfully."
+                  exit 0
+                else
+                  echo "Failed to update the password."
+                  exit 1
+                fi
+              else
+                echo "Failed to login with both current and old passwords."
+                exit 1
+              fi
+            fi
+      {{- end }}
+      - name: update-clickhouse-password
+        image: clickhouse/clickhouse-server:22.8
+        env:
+          - name: CLICKHOUSE_USER
+            value: {{.Values.clickhouse.username}}
+          - name: CLICKHOUSE_PASSWORD
+            value: {{.Values.clickhouse.password}}  # current password
+          - name: CLICKHOUSE_PASSWORD_OLD
+            value: {{.Values.clickhouse.oldPassword}}  # old password
+          - name: CLICKHOUSE_HOST
+            value: clickhouse-openreplay-clickhouse.db.svc.cluster.local
+          - name: CLICKHOUSE_PORT
+            value: "9000"
+        command: ["/bin/bash", "-c", "--"]
+        args:
+          - |
+            # Function to check if the Clickhouse server is reachable
+            is_clickhouse_reachable() {
+              [ "$(curl -s -o /dev/null -w '%{http_code}' http://$CLICKHOUSE_HOST:$CLICKHOUSE_PORT/ping)" -eq 200 ]
+            }
+
+            # Check if Clickhouse server is reachable
+            if is_clickhouse_reachable; then
+              echo "Clickhouse server is reachable, attempting to login with the current password."
+
+              # Try to login with the current password
+              if echo 'SELECT 1' | clickhouse-client --host $CLICKHOUSE_HOST --port $CLICKHOUSE_PORT --user $CLICKHOUSE_USER --password $CLICKHOUSE_PASSWORD; then
+                echo "Successfully logged in with current password. No update needed."
+                exit 0
+              else
+                echo "Failed to login with current password, trying with old password."
+
+                # Try to login with the old password
+                if echo 'SELECT 1' | clickhouse-client --host $CLICKHOUSE_HOST --port $CLICKHOUSE_PORT --user $CLICKHOUSE_USER --password $CLICKHOUSE_PASSWORD_OLD; then
+                  echo "Successfully logged in with old password. Updating password to the new one."
+                  
+                  # Generate a new random password and update it
+                  new_password=$(openssl rand -hex 20)
+                  clickhouse-client --host $CLICKHOUSE_HOST --port $CLICKHOUSE_PORT --user $CLICKHOUSE_USER --password $CLICKHOUSE_PASSWORD_OLD --query "ALTER USER $CLICKHOUSE_USER IDENTIFIED WITH PLAINTEXT_PASSWORD BY '$new_password';"
+                  
+                  if [ $? -eq 0 ]; then
+                    echo "Password updated successfully."
+                    exit 0
+                  else
+                    echo "Failed to update the password."
+                    exit 1
+                  fi
+                else
+                  echo "Failed to login with both current and old passwords."
+                  exit 1
+                fi
+              fi
+            else
+              echo "Clickhouse server is not reachable."
+              exit 1
+            fi
+      restartPolicy: Never
+  backoffLimit: 3