diff --git a/secrets/kubernetes/bindings.yaml b/secrets/kubernetes/bindings.yaml
new file mode 100644
index 00000000..88c0caf7
--- /dev/null
+++ b/secrets/kubernetes/bindings.yaml
@@ -0,0 +1,40 @@
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: k8s-secrets-abilities-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: k8s-secrets-abilities
+subjects:
+- kind: ServiceAccount
+ name: vault
+ namespace: vault
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: demo-clusterrole-abilities
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: demo-cluster-role-list-pods
+subjects:
+- kind: ServiceAccount
+ name: vault
+ namespace: vault
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: demo-role-abilities
+ namespace: demo
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: demo-role-list-pods
+subjects:
+- kind: ServiceAccount
+ name: sample-app
+ namespace: demo
diff --git a/secrets/kubernetes/roles.yaml b/secrets/kubernetes/roles.yaml
new file mode 100644
index 00000000..30c00814
--- /dev/null
+++ b/secrets/kubernetes/roles.yaml
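Review bot: The two ClusterRoleBindings give the `vault` ServiceAccount its permissions in every namespace, and `k8s-secrets-abilities` (defined in roles.yaml) includes `create` on `serviceaccounts/token`, so a compromised Vault pod could mint a token for any ServiceAccount in the cluster, including privileged ones in `kube-system`. If Vault only needs to manage `demo`, bind the ClusterRole with a namespaced RoleBinding instead: `kind: RoleBinding` plus `namespace: demo` under `metadata`, keeping `roleRef.kind: ClusterRole`. The second binding to `demo-cluster-role-list-pods` appears to exist so that Vault itself holds the permissions it later binds to generated accounts (the API server rejects a RoleBinding whose creator lacks the referenced role's permissions); a comment such as `# vault must already hold these permissions to bind generated SAs to this role` would make that intent explicit.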
@@ -0,0 +1,47 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: k8s-secrets-abilities
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+- apiGroups: [""]
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - create
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: demo-role-list-pods
+ namespace: demo
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: demo-cluster-role-list-pods
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["list","get","delete"]
+ 
\ No newline at end of file
diff --git a/secrets/kubernetes/serviceAccounts.yaml b/secrets/kubernetes/serviceAccounts.yaml
new file mode 100644
index 00000000..9ce46e56
--- /dev/null
+++ b/secrets/kubernetes/serviceAccounts.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sample-app
+ namespace: demo
diff --git a/secrets/kubernetes/values.yaml b/secrets/kubernetes/values.yaml
new file mode 100644
index 00000000..de18faad
--- /dev/null
+++ b/secrets/kubernetes/values.yaml
@@ -0,0 +1,11 @@
+global:
+ enabled: false
+
+server:
+ enabled: true
+ image:
+ repository: hashicorp/vault
+ tag: 1.11.0-rc1
+ dev:
+ enabled: true
+ logLevel: debug
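Review bot: `demo-cluster-role-list-pods` grants `get` and `delete` on pods cluster-wide although its name, and the namespaced `demo-role-list-pods` beside it, promise only `list`; any ServiceAccount Vault binds to it can delete pods in every namespace. Unless deletion is needed for the demo, reduce it to `verbs: ["list"]`, or rename the role so the extra privilege is visible to whoever binds it. In `k8s-secrets-abilities`, `create` on `serviceaccounts/token` with no namespace restriction lets the holder obtain a token for any existing ServiceAccount, not only the ones it creates; a comment recording why the Vault engine needs this would help the next reviewer. The file also ends in a whitespace-only line with no trailing newline and mixes block (`- ""`) and flow (`[""]`) style for `apiGroups`; pick one.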
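Review bot: `dev.enabled: true` starts Vault in dev mode — in-memory storage, automatically unsealed, a root token and no TLS — and `logLevel: debug` writes request detail to the pod logs, yet nothing in the file marks this as a lab-only configuration. Add `# Dev mode: in-memory storage, root token, no TLS — demo use only, never production` above `dev:` so these values are not lifted into a real deployment. `tag: 1.11.0-rc1` pins a release candidate; prefer a GA release, or comment why the RC is required (presumably a feature that first shipped in 1.11).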