diff --git a/black-start/services/vault/.gitignore b/black-start/services/vault/.gitignore
new file mode 100644
index 0000000..ab968f1
--- /dev/null
+++ b/black-start/services/vault/.gitignore
@@ -0,0 +1,4 @@
+logs/
+data/
+certs/
+file/
\ No newline at end of file
diff --git a/black-start/services/vault/config/config.hcl b/black-start/services/vault/config/config.hcl
new file mode 100644
index 0000000..8c54be6
--- /dev/null
+++ b/black-start/services/vault/config/config.hcl
@@ -0,0 +1,17 @@
+ui = true
+disable_mlock = "true"
+
+storage "raft" {
+ path = "/vault/data"
+ node_id = "node1"
+}
+
+listener "tcp" {
+ address = "[::]:8200"
+ tls_disable = "false"
+ tls_cert_file = "/certs/server.crt"
+ tls_key_file = "/certs/server.key"
+}
+
+api_addr = "https://weyma-vault.infra.dubyatp.xyz:8200"
+cluster_addr = "https://weyma-vault.infra.dubyatp.xyz:8200"
\ No newline at end of file
diff --git a/black-start/services/vault/docker-compose.yaml b/black-start/services/vault/docker-compose.yaml
new file mode 100644
index 0000000..e664e6a
--- /dev/null
+++ b/black-start/services/vault/docker-compose.yaml
@@ -0,0 +1,21 @@
+services:
+ vault:
+ image: hashicorp/vault:1.18
+ environment:
+ VAULT_ADDR: "https://weyma-vault.infra.dubyatp.xyz:8200"
+ VAULT_API_ADDR: "https://weyma-vault.infra.dubyatp.xyz:8200"
+ VAULT_ADDRESS: "https://weyma-vault.infra.dubyatp.xyz:8200"
+ VAULT_UI: true
+ ports:
+ - "8200:8200"
+ - "8201:8201"
+ restart: always
+ volumes:
+ - ./logs:/vault/logs/:rw
+ - ./data:/vault/data/:rw
+ - ./config:/vault/config/:rw
+ - ./certs:/certs/:rw
+ - ./file:/vault/file/:rw
+ cap_add:
+ - IPC_LOCK
+ entrypoint: vault server -config /vault/config/config.hcl
\ No newline at end of file
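Review bot: `cluster_addr` in config.hcl advertises port 8200, the same port as `api_addr` and the `listener "tcp"` address, but Vault's cluster listener defaults to one port above the API listener (8201, which docker-compose.yaml publishes). `cluster_addr = "https://weyma-vault.infra.dubyatp.xyz:8201"` looks like what was intended, and the mismatch matters as soon as a second raft node tries to join. `disable_mlock = "true"` is the usual setting with raft storage, but it means Vault's memory can be paged out, so the host should have swap disabled or encrypted; a comment such as `# mlock disabled for raft storage: host swap must be off or encrypted` next to the setting would record that requirement. The listener binds `[::]:8200` with `ui = true`, so the web UI is reachable on every interface the container port is published on; restrict that at the host firewall if it is not intended.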
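Review bot: The `./certs:/certs/:rw` and `./config:/vault/config/:rw` mounts in docker-compose.yaml give the Vault process write access to its own TLS private key and server configuration, which config.hcl only reads; `- ./certs:/certs/:ro` and `- ./config:/vault/config/:ro` would limit what a compromised server process can alter. `cap_add: IPC_LOCK` is only needed for mlock, and config.hcl sets `disable_mlock = "true"`, so the capability can be dropped. Overriding `entrypoint` bypasses the image's own entrypoint script; if that script is what switches to the unprivileged `vault` user (it appears to be, but confirm against the image), the server now runs as root inside the container, so it is worth checking the effective user and setting `user:` explicitly. The `hashicorp/vault:1.18` tag is mutable, so pinning the image by digest would make the deployed binary reproducible.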