diff --git a/charts/aserto/Chart.lock b/charts/aserto/Chart.lock
index 36862cc..f0d22c9 100644
--- a/charts/aserto/Chart.lock
+++ b/charts/aserto/Chart.lock
@@ -21,4 +21,4 @@ dependencies:
 repository: file://../registry-proxy
 version: 0.1.6
 digest: sha256:a416841691e59b989714a06b49fdb540de61094d3ebbc5e935eb85b53f11387e
-generated: "2025-01-10T12:41:01.715504-05:00"
+generated: "2025-01-13T19:16:14.667044863+02:00"
diff --git a/charts/directory/templates/config.yaml b/charts/directory/templates/config.yaml
index bcc6f2e..5e8528d 100644
--- a/charts/directory/templates/config.yaml
+++ b/charts/directory/templates/config.yaml
@@ -156,4 +156,10 @@ stringData:
 - /grpc.reflection.v1.ServerReflection/ServerReflectionInfo
 authenticators_enabled:
 anonymous: true
-
+ {{- with .Values.secretsVault }}
+ secrets_vault:
+ address: {{ .address }}
+ insecure: {{ .insecure | default false }}
+ root_path: {{ .rootPath | default "/" }}
+ token: ""
+ {{- end }}
diff --git a/charts/directory/templates/deployment.yaml b/charts/directory/templates/deployment.yaml
index fa401ac..772edf2 100644
--- a/charts/directory/templates/deployment.yaml
+++ b/charts/directory/templates/deployment.yaml
@@ -166,6 +166,21 @@ spec:
 {{- end }}
 {{- end }}
+ {{- if .Values.secretsVault }}
+ {{- if .Values.secretsVault.token }}
+ - name: DIRECTORY_SECRETS_VAULT_TOKEN
+ value: {{ .Values.secretsVault.token }}
+ {{- else -}}
+ {{- with .Values.secretsVault.tokenSecret }}
+ - name: DIRECTORY_SECRETS_VAULT_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .name }}
+ key: {{ .key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
 {{- range $_, $tenant := .Values.tenants -}}
 {{- with $tenant.keysSecret }}
 - name: {{ printf "TENANT_%s_WRITER_KEY" (replace "." "_" $tenant.name | upper) }}
diff --git a/charts/directory/values.yaml b/charts/directory/values.yaml
index 0b75b84..081ff97 100644
--- a/charts/directory/values.yaml
+++ b/charts/directory/values.yaml
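Review bot: In charts/directory/templates/config.yaml the new `secrets_vault` block interpolates `.address` and `.rootPath` into the YAML unquoted, and `address` has no guard. A `secretsVault` map without an address renders `address:` as null, and a value containing `#` or `: ` changes how the config parses. Quote both and make the address mandatory, e.g. `address: {{ required "secretsVault.address is required" .address | quote }}` and `root_path: {{ .rootPath | default "/" | quote }}`. A comment above `token: ""` saying the placeholder is presumably overridden by `DIRECTORY_SECRETS_VAULT_TOKEN` from the Deployment would explain why it is empty. The `stringData` block this extends starts outside the hunk.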
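Review bot: The `secretsVault.token` branch in charts/directory/templates/deployment.yaml writes the Vault token as a literal `value:` in the Deployment, so anyone who can read the Deployment object can read the token. It is also unquoted, so a token that parses as a number or contains YAML-special characters breaks the manifest. At minimum use `value: {{ .Values.secretsVault.token | quote }}`; better, have the chart store an inline token in a Secret and always reference it through `secretKeyRef`, as the `tokenSecret` branch already does. That branch emits `key: {{ .key }}` with no fallback although values.yaml documents `"token"` as the key, so `key: {{ .key | default "token" }}` would match the documentation. The env list this extends starts and ends outside the hunk.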
@@ -119,6 +119,18 @@ tenants:
 # writerKey: writer
 # readerKey: reader
+# secretsVault:
+# [Optional] Vault token
+# token: ""
+# [Optional] Kubernetes secret containing the vault token
+# tokenSecret:
+# # Secret name
+# name: ""
+# # Secret key
+# key: "token"
+# address: "https://127.0.0.1:8200"
+# rootPath: "/"
+# insecure: true
 # Set the service log level (trace/debug/info/warn/error).
 # The default is 'info'.
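Review bot: The commented example in charts/directory/values.yaml ends with `# insecure: true`, while the template in config.yaml defaults the same setting to `false`, so an operator who uncomments the block as written turns the insecure mode on for the Vault connection. Show the safe value, `# insecure: false`, and add a comment line saying what the flag relaxes (the diff does not show it; it presumably controls TLS verification of `address`). The `address`, `rootPath` and `insecure` keys have no description at all, unlike `token` and `tokenSecret`. It would also help to say that `tokenSecret` is preferred over `token`, since the inline token is rendered as a plain `value:` in the Deployment env.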