diff --git a/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh b/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh
index cd6c1f066..108409463 100755
--- a/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh
+++ b/ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh
@@ -32,6 +32,72 @@ function execute_extension_upgrade_patches {
     fi
 }
 
+function execute_wrappers_patch {
+    # If upgrading to pgsodium-less Vault, Wrappers need to be updated so that
+    # foreign servers use `vault.secrets.id` instead of `vault.secrets.key_id`
+    UPDATE_WRAPPERS_SERVER_OPTIONS_QUERY=$(cat <<EOF
+  DO \$\$
+  DECLARE
+    server_rec RECORD;
+    option_rec RECORD;
+    vault_secrets RECORD;
+  BEGIN
+    IF EXISTS (SELECT FROM pg_extension WHERE extname = 'wrappers')
+      AND EXISTS (SELECT FROM pg_available_extension_versions WHERE name = 'wrappers' AND version NOT IN (
+      '0.1.0',
+      '0.1.1',
+      '0.1.4',
+      '0.1.5',
+      '0.1.6',
+      '0.1.7',
+      '0.1.8',
+      '0.1.9',
+      '0.1.10',
+      '0.1.11',
+      '0.1.12',
+      '0.1.14',
+      '0.1.15',
+      '0.1.16',
+      '0.1.17',
+      '0.1.18',
+      '0.1.19',
+      '0.2.0',
+      '0.3.0',
+      '0.3.1',
+      '0.4.0',
+      '0.4.1',
+      '0.4.2',
+      '0.4.3',
+      '0.4.4',
+      '0.4.5'
+    ))
+    THEN
+      FOR server_rec IN
+        SELECT srvname, srvoptions
+        FROM pg_foreign_server
+      LOOP
+        FOR option_rec IN
+          SELECT split_part(srvoption, '=', 1) AS option_name, split_part(srvoption, '=', 2) AS option_value
+          FROM UNNEST(server_rec.srvoptions) AS srvoption
+        LOOP
+          IF EXISTS (SELECT FROM vault.secrets WHERE option_rec.option_value IN (id::text, key_id::text)) THEN
+            EXECUTE format(
+              'ALTER SERVER %I OPTIONS (SET %I %L)',
+              server_rec.srvname,
+              option_rec.option_name,
+              (SELECT id FROM vault.secrets WHERE option_rec.option_value IN (id::text, key_id::text))
+            );
+          END IF;
+        END LOOP;
+      END LOOP;
+    END IF;
+  END;
+  \$\$;
+EOF
+    )
+    run_sql -c "$UPDATE_WRAPPERS_SERVER_OPTIONS_QUERY"
+}
+
 function execute_patches {
     # Patch pg_net grants
     PG_NET_ENABLED=$(run_sql -A -t -c "select count(*) > 0 from pg_extension where extname = 'pg_net';")
@@ -220,6 +286,13 @@ function complete_pg_upgrade {
 
     execute_extension_upgrade_patches || true
 
+    # For this to work we need `vault.secrets` from the old project to be
+    # preserved, but `run_generated_sql` includes `ALTER EXTENSION
+    # supabase_vault UPDATE` which modifies that. So we need to run it
+    # beforehand.
+    echo "3.1. Patch Wrappers server options"
+    execute_wrappers_patch
+
     echo "4. Running generated SQL files"
     retry 3 run_generated_sql
 
diff --git a/ansible/vars.yml b/ansible/vars.yml
index 4d3102a17..70ed9dcd7 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -9,9 +9,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.0.1.065-orioledb"
-  postgres17: "17.4.1.015"
-  postgres15: "15.8.1.072"
+  # postgresorioledb-17: "17.0.1.065-orioledb"
+  # postgres17: "17.4.1.015"
+  postgres15: "15.8.1.071-wrappers-b"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"