diff --git a/README.md b/README.md
index 7e81e8289c..4155a7773a 100644
--- a/README.md
+++ b/README.md
@@ -1400,6 +1400,12 @@ Specifies a way to uniquely identify this resource, but functionally does nothin
 
 Sets an order for placing the rule in `pg_hba.conf`.
 
+This can be either a string or an integer.
+If it is an integer, it will be converted to a string by zero-padding it to three digits.
+E.g. `42` will be zero-padded to the string `'042'`.
+
+The `pg_hba_rule` fragments are sorted using the `alpha` sorting [order](https://forge.puppet.com/puppetlabs/concat/reference#order).
+
 Default value: 150.
 
 #### `postgresql_version`
diff --git a/manifests/server/pg_hba_rule.pp b/manifests/server/pg_hba_rule.pp
index dce58a0ffb..c215c2f12a 100644
--- a/manifests/server/pg_hba_rule.pp
+++ b/manifests/server/pg_hba_rule.pp
@@ -32,6 +32,13 @@
       fail('You must specify an address property when type is host based')
     }
 
+    if $order =~ Integer {
+      $_order = sprintf('%03d', $order)
+    }
+    else {
+      $_order = $order
+    }
+
     $allowed_auth_methods = $postgresql_version ? {
       '10'  => ['trust', 'reject', 'scram-sha-256', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
       '9.6' => ['trust', 'reject', 'md5', 'password', 'gss', 'sspi', 'ident', 'peer', 'ldap', 'radius', 'cert', 'pam', 'bsd'],
@@ -55,7 +62,7 @@
     concat::fragment { $fragname:
       target  => $target,
       content => template('postgresql/pg_hba_rule.conf'),
-      order   => $order,
+      order   => $_order,
     }
   }
 }
diff --git a/spec/unit/defines/server/pg_hba_rule_spec.rb b/spec/unit/defines/server/pg_hba_rule_spec.rb
index 4c3f977273..1637b42585 100644
--- a/spec/unit/defines/server/pg_hba_rule_spec.rb
+++ b/spec/unit/defines/server/pg_hba_rule_spec.rb
@@ -145,4 +145,93 @@ class { 'postgresql::server': }
       end
     end
   end
+
+  context 'order' do
+    context 'default' do
+      let :pre_condition do
+        <<-MANIFEST
+          class { 'postgresql::server': }
+        MANIFEST
+      end
+
+      let :params do
+        {
+          type: 'local',
+          database: 'all',
+          user: 'all',
+          auth_method: 'ident',
+        }
+      end
+
+      it do
+        is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '150')
+      end
+    end
+
+    context 'string' do
+      let :pre_condition do
+        <<-MANIFEST
+          class { 'postgresql::server': }
+        MANIFEST
+      end
+
+      let :params do
+        {
+          type: 'local',
+          database: 'all',
+          user: 'all',
+          auth_method: 'ident',
+          order: '12',
+        }
+      end
+
+      it do
+        is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '12')
+      end
+    end
+
+    context 'short integer' do
+      let :pre_condition do
+        <<-MANIFEST
+          class { 'postgresql::server': }
+        MANIFEST
+      end
+
+      let :params do
+        {
+          type: 'local',
+          database: 'all',
+          user: 'all',
+          auth_method: 'ident',
+          order: 12,
+        }
+      end
+
+      it do
+        is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '012')
+      end
+    end
+
+    context 'long integer' do
+      let :pre_condition do
+        <<-MANIFEST
+          class { 'postgresql::server': }
+        MANIFEST
+      end
+
+      let :params do
+        {
+          type: 'local',
+          database: 'all',
+          user: 'all',
+          auth_method: 'ident',
+          order: 1234,
+        }
+      end
+
+      it do
+        is_expected.to contain_concat__fragment('pg_hba_rule_test').with(order: '1234')
+      end
+    end
+  end
 end