diff --git a/dmz/vault/templates/secrets.yaml b/dmz/vault/templates/secrets.yaml
index b1dd3f4..ba9f7bf 100644
--- a/dmz/vault/templates/secrets.yaml
+++ b/dmz/vault/templates/secrets.yaml
@@ -5,3 +5,17 @@ metadata:
   annotations:
     kubernetes.io/service-account.name: vault-dmz
 type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+   name: role-tokenreview-binding
+   namespace: vault
+roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: vault-auth
+  namespace: default