diff --git a/apps/vault/deployment.yaml b/apps/vault/deployment.yaml
index 01e1785..737aac5 100644
--- a/apps/vault/deployment.yaml
+++ b/apps/vault/deployment.yaml
@@ -13,8 +13,6 @@ spec:
       labels:
         app: vault
     spec:
-      securityContext:
-        fsGroup: 1000
       containers:
       - name: vault
         image: hashicorp/vault:1.16
@@ -26,14 +24,21 @@ spec:
           capabilities:
             add:
               - IPC_LOCK
-        ports:
-        - containerPort: 8200
-        - containerPort: 8201
+        env:
+        - name: VAULT_DISABLE_CHOWN
+          value: "true"
         volumeMounts:
         - name: config
           mountPath: /vault/config
+          readOnly: true
+        - name: data
+          mountPath: /vault/data
       volumes:
       - name: config
         configMap:
           name: vault-config
+      - name: data
+        persistentVolumeClaim:
+          claimName: vault-pvc
+