diff --git a/setup/so-functions b/setup/so-functions
index 252a378fe..7a212fa50 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1916,6 +1916,28 @@ secrets_pillar(){
   fi
 }
 
+# postsalt: flip postgres:so_pillar:enabled to True in the local pillar so
+# the schema_pillar / ext_pillar_postgres / pg_notify_pillar engine states
+# all activate during the install highstate. Without this the entire
+# PG-canonical pillar stack short-circuits on its default-False gate and
+# the install ends in legacy disk-pillar mode — defeating the point of
+# being on postsalt at all. The companion enabled=False rollback just
+# rewrites this file or removes the flag.
+enable_so_pillar_postgres() {
+	local pillar_dir=/opt/so/saltstack/local/pillar/postgres
+	mkdir -p "$pillar_dir"
+	cat > "$pillar_dir/adv_postgres.sls" <<'EOPILLAR'
+# postsalt: enable PG-canonical pillar mode. Generated by setup/so-functions
+# during install. Flip to False here (or delete this file) to roll back to
+# disk-pillar mode without wiping the so_pillar.* schema in so-postgres.
+postgres:
+  so_pillar:
+    enabled: True
+EOPILLAR
+	chown -R socore:socore "$pillar_dir"
+	chmod 0644 "$pillar_dir/adv_postgres.sls"
+}
+
 set_network_dev_status_list() {
 	readarray -t nmcli_dev_status_list <<< "$(nmcli -t -f DEVICE,STATE -c no dev status)"
 	export nmcli_dev_status_list
diff --git a/setup/so-setup b/setup/so-setup
index 6c77e781c..8c824391c 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -676,6 +676,10 @@ if ! [[ -f $install_opt_file ]]; then
 		info "Populating the secrets pillar"
 		# Create the secrets pillar
 		secrets_pillar
+		info "Enabling postsalt PG-canonical pillar mode"
+		# Flip postgres:so_pillar:enabled so schema_pillar / ext_pillar_postgres /
+		# pg_notify_pillar engine states deploy as part of the install highstate.
+		enable_so_pillar_postgres
 		info "Add socore user"
 		# Add the socore user
 		add_socore_user_manager