diff --git a/safekeeper/src/bin/safekeeper.rs b/safekeeper/src/bin/safekeeper.rs
index fb8f7b0c48..52286896e5 100644
--- a/safekeeper/src/bin/safekeeper.rs
+++ b/safekeeper/src/bin/safekeeper.rs
@@ -349,9 +349,10 @@ async fn main() -> anyhow::Result<()> {
     if !args.dev {
         let http_auth_enabled = args.http_auth_public_key_path.is_some();
         let pg_auth_enabled = args.pg_auth_public_key_path.is_some();
-        if !http_auth_enabled || !pg_auth_enabled {
+        let pg_tenant_only_auth_enabled = args.pg_tenant_only_auth_public_key_path.is_some();
+        if !http_auth_enabled || !pg_auth_enabled || !pg_tenant_only_auth_enabled {
             bail!(
-                "Safekeeper refuses to start with HTTP or PostgreSQL API authentication disabled.\n\
+                "Safekeeper refuses to start with HTTP, PostgreSQL, or tenant-only PostgreSQL API authentication disabled.\n\
                   Run with --dev to allow running without authentication.\n\
                   This is insecure and should only be used in development environments."
             );