diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 8267b7ef..4c1eee69 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -280,10 +280,10 @@ module "privatebin" {
 depends_on = [null_resource.core_services]
 }
-# module "vault" {
-# source = "./vault"
-# tls_secret_name = var.tls_secret_name
-# }
+module "vault" {
+ source = "./vault"
+ tls_secret_name = var.tls_secret_name
+}
 module "reloader" {
 source = "./reloader"
diff --git a/modules/kubernetes/vault/chart_values.tpl b/modules/kubernetes/vault/chart_values.tpl
index 79d54847..a0bc188a 100644
--- a/modules/kubernetes/vault/chart_values.tpl
+++ b/modules/kubernetes/vault/chart_values.tpl
@@ -1,24 +1,23 @@
+global:
+ namespace: "vault"
+ image:
+ repository: "hashicorp/vault-k8s"
+ tag: "1.7.0"
+ agentImage:
+ repository: "hashicorp/vault"
+ tag: "1.20.4"
 injector:
 metrics:
 enabled: true
 server:
+ image:
+ repository: "hashicorp/vault"
+ tag: "1.20.4"
 enabled: true
 volumes:
 - name: data
 emptyDir: {}
 ingress:
- enabled: true
- annotations:
- "kubernetes.io/ingress.class": "nginx"
- "nginx.ingress.kubernetes.io/auth-tls-verify-client": "on"
- "nginx.ingress.kubernetes.io/auth-tls-secret": "default/ca-secret"
- hosts:
- - host: "${host}"
- paths:
- - /
- tls:
- - secretName: ${tls_secret_name}
- hosts:
- - "${host}"
+ enabled: false
 ui:
 enabled: true
diff --git a/modules/kubernetes/vault/main.tf b/modules/kubernetes/vault/main.tf
index 3a9579d8..8839a717 100644
--- a/modules/kubernetes/vault/main.tf
+++ b/modules/kubernetes/vault/main.tf
@@ -17,7 +17,7 @@ module "tls_secret" {
 resource "kubernetes_persistent_volume" "vault_data" {
 metadata {
- name = "vauld-data-pv"
+ name = "vault-data-pv"
 }
 spec {
 capacity = {
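Review bot: The added `image:` and `agentImage:` keys in chart_values.tpl come before the existing `injector:` key, so they cannot be children of `injector:`; they sit under `global:` or at top level (the indentation is not recoverable on this page). As far as I know the hashicorp/vault chart reads the injector images from `injector.image` and `injector.agentImage`, so the `hashicorp/vault-k8s` 1.7.0 and agent 1.20.4 pins may be ignored and the chart defaults deployed instead; moving both keys under `injector:` would make the pin effective. All three images are also pinned by tag only, and a comment such as `# tags are mutable; pin by digest if the registry or mirror is not trusted` would record that choice. After this hunk the template no longer references `${host}` or `${tls_secret_name}`, although vault/main.tf still passes both to `templatefile`.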
@@ -25,11 +25,9 @@ resource "kubernetes_persistent_volume" "vault_data" {
 }
 access_modes = ["ReadWriteOnce"]
 persistent_volume_source {
- iscsi {
- target_portal = "iscsi.viktorbarzin.lan:3260"
- iqn = "iqn.2020-12.lan.viktorbarzin:storage:vault"
- lun = 0
- fs_type = "ext4"
+ nfs {
+ server = "10.0.10.15"
+ path = "/mnt/main/vault"
 }
 }
 }
@@ -44,4 +42,16 @@ resource "helm_release" "prometheus" {
 chart = "vault"
 values = [templatefile("${path.module}/chart_values.tpl", { host = var.host, tls_secret_name = var.tls_secret_name })]
+
+ depends_on = [kubernetes_persistent_volume.vault_data]
+}
+
+module "ingress" {
+ source = "../ingress_factory"
+ namespace = "vault"
+ name = "vault"
+ service_name = "vault-ui"
+ port = 8200
+ tls_secret_name = var.tls_secret_name
+ protected = true
 }
diff --git a/terraform.tfstate b/terraform.tfstate
index 0a424cd1..8a2363ee 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ
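Review bot: The new `nfs` block hard-codes `server = "10.0.10.15"` and `path = "/mnt/main/vault"`, and nothing in the diff documents how that export is restricted. With a plain NFS export, access to Vault's storage files typically rests on the server's host-based export rules. Vault encrypts what it writes, so the main exposure is deletion, tampering or rollback of the files rather than disclosure. I would add a comment above the block, e.g. `# export must be limited to the cluster node IPs with root_squash; Vault data is encrypted but not tamper-proof`, and move the address and path into module variables. The values file in this commit still mounts `data` as `emptyDir: {}` and no claim is visible here, so it is also worth confirming that the server pod actually uses this volume.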
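Review bot: `protected = true` on the new `module "ingress"` is the only visible access control in front of the Vault UI on port 8200, and its meaning is defined in `../ingress_factory`, which this diff does not show. The chart_values.tpl hunk removes the chart ingress that enforced client certificates through `auth-tls-verify-client: "on"` and `auth-tls-secret`, so it should be confirmed that `protected` puts an equivalent or stronger authentication step in front of Vault. I would add a comment above that line, e.g. `# protected = true must keep client authentication in front of the UI; replaces the nginx auth-tls annotations`. The `helm_release` block that this hunk closes begins outside the hunk, and it is still named `"prometheus"` although it installs the `vault` chart.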