diff --git a/infra/cert-manager/templates/vault-issuer.yaml b/infra/cert-manager/templates/vault-issuer.yaml
new file mode 100644
index 0000000..6fca7f6
--- /dev/null
+++ b/infra/cert-manager/templates/vault-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: vault-issuer
+ namespace: sandbox
+spec:
+ vault:
+ path: pki/sign/infra
+ server: https://vault.local
+ auth:
+ kubernetes:
+ role: vault-issuer-role
+ mountPath: /v1/auth/jwt-cluster001
+ serviceAccountRef:
+ name: vault-issuer
\ No newline at end of file
diff --git a/infra/vault/templates/sa.yaml b/infra/vault/templates/sa.yaml
new file mode 100644
index 0000000..e298701
--- /dev/null
+++ b/infra/vault/templates/sa.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: issuer
diff --git a/infra/vault/templates/secret-store.yaml b/infra/vault/templates/secret-store.yaml
index 17f1690..7882420 100644
--- a/infra/vault/templates/secret-store.yaml
+++ b/infra/vault/templates/secret-store.yaml
@@ -14,3 +14,4 @@ spec:
 role: "external-secrets"
 serviceAccountRef:
 name: "vault"
+
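Review bot: In vault-issuer.yaml the `vault:` block sets `server: https://vault.local` with neither `caBundle` nor `caBundleSecretRef`, so the Vault certificate is checked against whatever roots ship in the cert-manager controller image. The hostname suggests an internal CA, in which case the login either fails or depends on ambient trust; pinning the CA next to `server` makes the trust anchor explicit, e.g. `caBundleSecretRef:` with `name: <ca-secret-name>` and `key: ca.crt` (placeholder names). Separately, `serviceAccountRef` makes cert-manager request a short-lived token whose default audience is `vault://sandbox/vault-issuer`. The Vault role `vault-issuer-role` on the `jwt-cluster001` mount should therefore bind that audience and the `sandbox`/`vault-issuer` subject rather than accept any cluster-issued token. The role is not visible in this commit, so a comment above `auth:` recording the expected binding would help the next reviewer.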
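Review bot: The ServiceAccount in infra/vault/templates/sa.yaml is named `issuer` and has no `metadata.namespace`, while the Issuer added in vault-issuer.yaml authenticates through `serviceAccountRef.name: vault-issuer` in `sandbox`. Unless a `vault-issuer` account already exists in that namespace, the Issuer has no identity to obtain a token for. If this account is meant to be that identity, use `name: vault-issuer` and `namespace: sandbox`. The commit would then also need a Role and RoleBinding letting cert-manager's own service account `create` `serviceaccounts/token`, limited with `resourceNames` to this one account. If the account serves another purpose, add a comment naming its consumer, and consider `automountServiceAccountToken: false` when no pod runs as it.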