diff --git a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
index 44d4ceb..e6f567b 100644
--- a/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
+++ b/clusters/yc-k8s-test/infrastructure/patches/istio-config.yaml
@@ -73,6 +73,12 @@ spec:
               issuerRef:
                 name: letsencrypt-issuer-istio
                 kind: ClusterIssuer
+            vault-tls:
+              dnsNames:
+                - vault.contour.infra.sarex.tech
+              issuerRef:
+                name: letsencrypt-issuer-istio
+                kind: ClusterIssuer    
         istio:
           gateways:
             minio:
@@ -115,6 +121,14 @@ spec:
                     - keycloak.contour.infra.sarex.tech
                   tls:
                     credentialName: keycloak-tls
+            vault:
+              name: vault-gateway
+              namespace: vault
+              servers:
+                - hosts:
+                    - vault.contour.infra.sarex.tech
+                  tls:
+                    credentialName: vault-tls        
             camunda:
               name: camunda-gateway
               namespace: gateway
@@ -140,6 +154,18 @@ spec:
                   tls:
                     credentialName: camunda-optimize-tls
           virtualServices:
+            vault:
+              name: vault-virt-service
+              namespace: gateway
+              hosts:
+                - vault.contour.infra.sarex.tech
+              gateways:
+                - gateway/vault-gateway
+              routes:
+                - path:
+                    prefix: /
+                  service: vault-vault-contour.vault.svc.cluster.local
+                  port: 8200
             minio:
               name: minio-virt-service
               namespace: gateway