Basic example of using mTLS authentication for Postgres where the private key for TLS is sealed into a Trusted Platform Module (TPM).
More generally, this procedure is applicable to any Postgres system with mTLS enabled. The specific example is for Google CloudSQL.
mTLS for CloudSQL is described in authorize-ssl, with a flow where you download client certificates.
Once you have the client certificate, there are many ways to securely transfer its private key to the TPM (e.g., as described at oauth2.TpmTokenSource).