diff --git a/services/vault/scripts/vault_k8s_auth_configure.sh b/services/vault/scripts/vault_k8s_auth_configure.sh
index 140f1d4..48dfe78 100644
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@@ -16,7 +16,15 @@ ensure_token() {
   export VAULT_TOKEN
 }
 
-status_json="$(vault status -format=json || true)"
+status_json=""
+for attempt in 1 2 3 4 5 6; do
+  status_json="$(vault status -format=json 2>/dev/null || true)"
+  if [ -n "${status_json}" ]; then
+    break
+  fi
+  log "vault status failed; retrying (${attempt}/6)"
+  sleep $((attempt * 2))
+done
 if [ -z "${status_json}" ]; then
   log "vault status failed; check VAULT_ADDR and VAULT_TOKEN"
   exit 1
diff --git a/services/vault/scripts/vault_oidc_configure.sh b/services/vault/scripts/vault_oidc_configure.sh
index af74f60..0f569e8 100644
--- a/services/vault/scripts/vault_oidc_configure.sh
+++ b/services/vault/scripts/vault_oidc_configure.sh
@@ -16,7 +16,15 @@ ensure_token() {
   export VAULT_TOKEN
 }
 
-status_json="$(vault status -format=json || true)"
+status_json=""
+for attempt in 1 2 3 4 5 6; do
+  status_json="$(vault status -format=json 2>/dev/null || true)"
+  if [ -n "${status_json}" ]; then
+    break
+  fi
+  log "vault status failed; retrying (${attempt}/6)"
+  sleep $((attempt * 2))
+done
 if [ -z "${status_json}" ]; then
   log "vault status failed; check VAULT_ADDR and VAULT_TOKEN"
   exit 1