diff --git a/infrastructure/flux-system/kustomization-helm.yaml b/infrastructure/flux-system/kustomization-helm.yaml
new file mode 100644
index 0000000..6788b5b
--- /dev/null
+++ b/infrastructure/flux-system/kustomization-helm.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: helm
+ namespace: flux-system
+spec:
+ interval: 30m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ path: ./infrastructure/sources/helm
+ prune: true
+ wait: false
+ targetNamespace: flux-system
diff --git a/infrastructure/flux-system/kustomization-vault.yaml b/infrastructure/flux-system/kustomization-vault.yaml
index 88806fd..0755b99 100644
--- a/infrastructure/flux-system/kustomization-vault.yaml
+++ b/infrastructure/flux-system/kustomization-vault.yaml
@@ -5,8 +5,13 @@ metadata:
 namespace: flux-system
 spec:
 interval: 10m
- path: ./services/vault
- prune: true
 sourceRef:
 kind: GitRepository
 name: flux-system
+ namespace: flux-system
+ path: ./services/vault
+ targetNamespace: vault
+ prune: true
+ wait: true
+ dependsOn:
+ - name: sources-helm
diff --git a/infrastructure/flux-system/kustomization.yaml b/infrastructure/flux-system/kustomization.yaml
index b2f61e1..c1ea011 100644
--- a/infrastructure/flux-system/kustomization.yaml
+++ b/infrastructure/flux-system/kustomization.yaml
@@ -6,6 +6,7 @@ resources:
 - gotk-sync.yaml
 - kustomization-zot.yaml
 - kustomization-core.yaml
+- kustomization-helm.yaml
 - kustomization-gitea.yaml
 - kustomization-vault.yaml
 - kustomization-crypto.yaml
diff --git a/infrastructure/sources/helm/grafana.yaml b/infrastructure/sources/helm/grafana.yaml
new file mode 100644
index 0000000..1235012
--- /dev/null
+++ b/infrastructure/sources/helm/grafana.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: grafana
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://grafana.github.io/helm-charts
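Review bot: In kustomization-vault.yaml the new `dependsOn` entry names `sources-helm`, but the Kustomization this commit adds in kustomization-helm.yaml has `name: helm`, and nothing called `sources-helm` appears anywhere in the diff. Unless such an object is defined outside this change, the vault Kustomization would wait on a dependency that does not exist and never reconcile; use `- name: helm` here, or rename the new Kustomization to `sources-helm`. The helm Kustomization also sets `wait: false`, so even with the name fixed the dependency presumably only orders the apply and does not wait for the HelmRepository objects to become ready.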
diff --git a/services/vault/helmrepo.yaml b/infrastructure/sources/helm/hashicorp.yaml
similarity index 63%
rename from services/vault/helmrepo.yaml
rename to infrastructure/sources/helm/hashicorp.yaml
index bb9756a..edf563e 100644
--- a/services/vault/helmrepo.yaml
+++ b/infrastructure/sources/helm/hashicorp.yaml
@@ -1,8 +1,8 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
+apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
 metadata:
 name: hashicorp
- namespace: vault
+ namespace: flux-system
 spec:
 interval: 1h
 url: https://helm.releases.hashicorp.com
diff --git a/infrastructure/sources/helm/jetstack.yaml b/infrastructure/sources/helm/jetstack.yaml
new file mode 100644
index 0000000..e842402
--- /dev/null
+++ b/infrastructure/sources/helm/jetstack.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: jetstack
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://charts.jetstack.io
diff --git a/infrastructure/sources/helm/prometheus.yaml b/infrastructure/sources/helm/prometheus.yaml
new file mode 100644
index 0000000..33109dc
--- /dev/null
+++ b/infrastructure/sources/helm/prometheus.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: prometheus
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://prometheus-community.github.io/helm-charts
diff --git a/services/vault/helmrelease.yaml b/services/vault/helmrelease.yaml
index fa08a58..9d6a6be 100644
--- a/services/vault/helmrelease.yaml
+++ b/services/vault/helmrelease.yaml
@@ -1,39 +1,42 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
 name: vault
- namespace: flux-system
+ namespace: vault
 spec:
- interval: 15m
+ interval: 30m
 chart:
 spec:
 chart: vault
- version: "0.28.x"
+ version: 0.x.x
 sourceRef:
 kind: HelmRepository
 name: hashicorp
 namespace: flux-system
+ install:
+ remediation: { retries: 3 }
+ upgrade:
+ remediation: { retries: 3 }
 values:
- global:
+ injector:
 enabled: true
+ resources:
+ requests: { cpu: "50m", memory: "64Mi" }
+ csi:
+ enabled: false
 server:
 ha:
 enabled: true
- replicas: 3
+ replicas: 1
 raft:
 enabled: true
 dataStorage:
 enabled: true
- size: 5Gi
- storageClassName: astreae
- service:
- type: ClusterIP
- ingress:
- enabled: false
+ size: 10Gi
+ storageClass: sc-astreae
 resources:
 requests: { cpu: "100m", memory: "256Mi" }
- limits: { cpu: "500m", memory: "512Mi" }
- injector:
- enabled: true
- csi:
+ service:
+ type: ClusterIP
+ ui:
 enabled: true
diff --git a/services/vault/kustomization.yaml b/services/vault/kustomization.yaml
index eefbc9b..ae64c73 100644
--- a/services/vault/kustomization.yaml
+++ b/services/vault/kustomization.yaml
@@ -3,5 +3,4 @@ kind: Kustomization
 namespace: vault
 resources:
 - namespace.yaml
- helmrepo.yaml
 - helmrelease.yaml
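Review bot: In services/vault/helmrelease.yaml the chart constraint widens from `version: "0.28.x"` to the unquoted `version: 0.x.x`, so any 0.x chart published to the hashicorp repository is rolled out to the cluster's secret store on a later reconcile without a reviewed change in Git. A narrow, quoted range such as `version: "0.<reviewed-minor>.x"` (placeholder) keeps Vault upgrades deliberate. The same hunk moves the HelmRelease to `namespace: vault` while its `sourceRef` still points at `namespace: flux-system`; that cross-namespace reference is refused when the Flux controllers run with `--no-cross-namespace-refs`, so confirm the cluster's setting. `replicas: 1` under `ha` with raft enabled leaves a single-node cluster and the `limits` line is dropped, so a short comment stating that both are intentional would help the next reader.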