diff --git a/lib/puppet/functions/postgresql/postgresql_password.rb b/lib/puppet/functions/postgresql/postgresql_password.rb
index a444d5cd01..681ea1af4e 100644
--- a/lib/puppet/functions/postgresql/postgresql_password.rb
+++ b/lib/puppet/functions/postgresql/postgresql_password.rb
@@ -24,7 +24,9 @@
     required_param 'Variant[String[1], Integer]', :username
     required_param 'Variant[String[1], Sensitive[String[1]], Integer]', :password
     optional_param 'Boolean', :sensitive
-    optional_param 'Optional[Postgresql::Pg_password_encryption]', :hash
+    # Note that this Enum is also defined in:
+    # types/pg_password_encryption.pp
+    optional_param 'Optional[Enum["md5", "scram-sha-256"]]', :hash
     optional_param 'Optional[Variant[String[1], Integer]]', :salt
     return_type 'Variant[String, Sensitive[String]]'
   end
diff --git a/spec/acceptance/db_deferred_spec.rb b/spec/acceptance/db_deferred_spec.rb
new file mode 100644
index 0000000000..d7e1f64fe3
--- /dev/null
+++ b/spec/acceptance/db_deferred_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper_acceptance'
+
+describe 'postgresql::server::db:' do
+  let(:user) { 'user_test' }
+  let(:password) { 'deferred_password_test' }
+  let(:database) { 'test_database' }
+
+  let(:pp_one) do
+    <<-MANIFEST.unindent
+      $user = #{user}
+      $password = #{password}
+      $database = #{database}
+
+      include postgresql::server
+      postgresql::server::db { $database:
+         user     => $user,
+         password => Deferred('unwrap', [$password]),
+      }
+    MANIFEST
+  end
+
+  it 'creates a database with with the password in the deferred function' do
+    if run_shell('puppet --version').stdout[0].to_i < 7
+      skip # Deferred function fixes only in puppet 7, see https://tickets.puppetlabs.com/browse/PUP-11518
+    end
+    apply_manifest(pp_one)
+    psql_cmd = "PGPASSWORD=#{password} PGUSER=#{user} PGDATABASE=#{database} psql -h 127.0.0.1 -d postgres -c '\\q'"
+    run_shell("cd /tmp; su #{shellescape('postgres')} -c #{shellescape(psql_cmd)}",
+              acceptable_exit_codes: [0])
+  end
+end
diff --git a/types/pg_password_encryption.pp b/types/pg_password_encryption.pp
index b2b5be66e5..7512174a89 100644
--- a/types/pg_password_encryption.pp
+++ b/types/pg_password_encryption.pp
@@ -1,2 +1,4 @@
 # @summary the supported password_encryption
+# Note that this Enum is also defined in:
+# lib/puppet/functions/postgresql/postgresql_password.rb
 type Postgresql::Pg_password_encryption = Enum['md5', 'scram-sha-256']