diff --git a/.github/workflows/_e2e-test.yml b/.github/workflows/_e2e-test.yml
index e063452..3ffecab 100644
--- a/.github/workflows/_e2e-test.yml
+++ b/.github/workflows/_e2e-test.yml
@@ -23,8 +23,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: install Taskfile
-        run: mkdir bin && cd bin ; curl -Ls https://github.com/go-task/task/releases/download/v3.13.0/task_linux_amd64.tar.gz | tar -xz task
       - name: e2e test
-        run: PATH=./bin:$PATH ./bin/task go:e2e-tests:${{ inputs.provider }} KIND_CLUSTER_VERSION=${{ inputs.kubever }}
+        run: make go:e2e-tests:${{ inputs.provider }} KIND_CLUSTER_VERSION=${{ inputs.kubever }}
 
diff --git a/.github/workflows/generator-test-on-pr.yml b/.github/workflows/generator-test-on-pr.yml
index a343ab9..bce4656 100644
--- a/.github/workflows/generator-test-on-pr.yml
+++ b/.github/workflows/generator-test-on-pr.yml
@@ -22,8 +22,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: install Taskfile
-        run: mkdir bin && cd bin ; curl -Ls https://github.com/go-task/task/releases/download/v3.13.0/task_linux_amd64.tar.gz | tar -xz task
       - uses: "finnp/create-file-action@master"
         env:
           FILE_NAME: "trousseau-env"
@@ -39,16 +37,12 @@ jobs:
             TR_AWSKMS_CONFIG=${PWD}/tests/e2e/kuttl/kube-v1.24/awskms.yaml
             TR_VAULT_CONFIG=${PWD}/tests/e2e/kuttl/kube-v1.24/vault.yaml
       - name: generate services
-        run: PATH=./bin:$PATH ./bin/task prod:generate:docker-compose ENV_LOCATION=trousseau-env
-      - name: validate compose files
-        run: cd generated_manifests/docker-compose ; docker compose -f docker-compose.yaml -f docker-compose.override.awskms.yaml -f docker-compose.override.vault.yaml config
+        run: make prod:generate:docker-compose ENV_LOCATION=trousseau-env
   kustomize:
     name: kustomize
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
-      - name: install Taskfile
-        run: mkdir bin && cd bin ; curl -Ls https://github.com/go-task/task/releases/download/v3.13.0/task_linux_amd64.tar.gz | tar -xz task
       - uses: "finnp/create-file-action@master"
         env:
           FILE_NAME: "awskms.yaml"
@@ -70,12 +64,31 @@ jobs:
             TR_VAULT_CONFIG=${PWD}/tests/e2e/kuttl/kube-v1.24/vault.yaml
             TR_VAULT_ADDRESS=http://127.0.0.1:8200
       - name: generate services
-        run: PATH=./bin:$PATH ./bin/task prod:generate:kustomize ENV_LOCATION=trousseau-env
-      - uses: karancode/kustomize-github-action@master
-        with:
-          kustomize_version: '4.5.5'
-          kustomize_build_dir: 'generated_manifests/kustomize'
-          kustomize_output_file: "manifests.yaml"
-      - uses: makocchi-git/actions-k8s-manifests-validate-kubeval@master
-        with:
-          files: manifests.yaml
+        run: make prod:generate:kustomize ENV_LOCATION=trousseau-env
+  helm:
+    name: helm
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: "finnp/create-file-action@master"
+        env:
+          FILE_NAME: "awskms.yaml"
+          FILE_DATA: |
+            profile: default
+      - uses: "finnp/create-file-action@master"
+        env:
+          FILE_NAME: "trousseau-env"
+          FILE_DATA: |
+            TR_VERBOSE_LEVEL=3
+            TR_ENABLED_PROVIDERS="--enabled-providers=awskms --enabled-providers=vault"
+            TR_SOCKET_LOCATION=${PWD}/bin/run
+            TR_PROXY_IMAGE=ondat/trousseau:proxy-develop
+            TR_AWSKMS_IMAGE=ondat/trousseau:awskms-develop
+            TR_VAULT_IMAGE=ondat/trousseau:vault-develop
+            TR_TROUSSEAU_IMAGE=ondat/trousseau:trousseau-develop
+            TR_AWSKMS_CREDENTIALS=${HOME}/.aws/credentials
+            TR_AWSKMS_CONFIG=${PWD}/tests/e2e/kuttl/kube-v1.24/awskms.yaml
+            TR_VAULT_CONFIG=${PWD}/tests/e2e/kuttl/kube-v1.24/vault.yaml
+            TR_VAULT_ADDRESS=http://127.0.0.1:8200
+      - name: generate services
+        run: make prod:generate:helm ENV_LOCATION=trousseau-env
diff --git a/.task/prod.yml b/.task/prod.yml
index 65a7288..b0e589f 100644
--- a/.task/prod.yml
+++ b/.task/prod.yml
@@ -46,19 +46,36 @@ tasks:
       - gen-dir:init
       - :fetch:envsubst
     cmds:
-      - mkdir -p generated_manifests/docker-compose ; rm -rf generated_manifests/docker-compose/*
+      - rm -rf generated_manifests/docker-compose/* ; mkdir -p generated_manifests/docker-compose
       - source {{.ENV_LOCATION}} ;
         export $(echo "${!TR_*}") ;
-        for f in `cd deployment ; find docker-compose -type f`; do ./bin/envsubst -no-empty -i deployment/$f -o generated_manifests/$f; done
+        for f in `cd deployment ; find docker-compose -type f`; do ./bin/envsubst -no-empty -i deployment/$f -o generated_manifests/$f; done ;
+        (cd generated_manifests/docker-compose ; docker compose -f docker-compose.yaml -f docker-compose.override.awskms.yaml -f docker-compose.override.vault.yaml config 1>/dev/null)
   generate:kustomize:
     desc: generate kustomize manifests
     deps:
       - gen-dir:init
       - :fetch:envsubst
     cmds:
-      - mkdir -p generated_manifests/kustomize ; rm -rf generated_manifests/kustomize/*
+      - rm -rf generated_manifests/kustomize/* ; mkdir -p generated_manifests/kustomize
       - source {{.ENV_LOCATION}} ;
         TR_ENABLED_PROVIDERS=$(echo ${TR_ENABLED_PROVIDERS} | sed "s/ --/\n            - --/") ;
         test -n "${TR_AWSKMS_CONFIG}" && TR_AWSKMS_CONFIG=$(cat ${TR_AWSKMS_CONFIG} 2>/dev/null | sed 's/^/    /') ;
         export $(echo "${!TR_*}") ;
-        for f in `cd deployment ; find kustomize -type f`; do ./bin/envsubst -no-empty -i deployment/$f -o generated_manifests/$f; done
+        for f in `cd deployment ; find kustomize -type f`; do ./bin/envsubst -no-empty -i deployment/$f -o generated_manifests/$f; done ;
+        docker run --rm -v $PWD/generated_manifests/kustomize:/work -w /work nixery.dev/shell/kustomize/kubeval sh -c 'kustomize build | kubeval'
+  generate:helm:
+    desc: generate docker compose services
+    deps:
+      - gen-dir:init
+      - :fetch:envsubst
+    cmds:
+      - rm -rf generated_manifests/helm/*
+      - cp -rf deployment/helm generated_manifests
+      - source {{.ENV_LOCATION}} ;
+        test -n "${TR_AWSKMS_CONFIG}" && cat ${TR_AWSKMS_CONFIG} | sed 's/^/    /' > generated_manifests/helm/awsconfig.yaml ;
+        TR_AWSKMS_CONFIG=awsconfig.yaml;
+        TR_ENABLED_PROVIDERS=$(echo ${TR_ENABLED_PROVIDERS} | sed "s/ --/\n    - --/") ;
+        export $(echo "${!TR_*}") ;
+        ./bin/envsubst -no-empty -i deployment/helm/values.yaml -o generated_manifests/helm/values.yaml ;
+        docker run --rm -v $PWD/generated_manifests/helm:/work -w /work nixery.dev/shell/kubernetes-helm sh -c 'helm lint && helm template ../work 1>/dev/null'
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..7182496
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+%:
+	mkdir -p bin && test -f ./bin/task || (cd bin ; curl -Ls https://github.com/go-task/task/releases/download/v3.13.0/task_linux_amd64.tar.gz | tar -xz task)
+
+	PATH=./bin:$(PATH) ./bin/task $@
\ No newline at end of file
diff --git a/README.md b/README.md
index 48082cd..1e77eda 100644
--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ Create shared items on target host:
 mkdir -p $TR_SOCKET_LOCATION
 sudo chown 10123:10123 $TR_SOCKET_LOCATION
 sudo chown 10123:10123 $TR_AWSKMS_CREDENTIALS
-# On case you disabled Vault agen config generation
+# On case you haven't enable Vault agen config generation
 sudo chown 10123:10123 $TR_VAULT_CONFIG
 ```
 
@@ -98,16 +98,18 @@ token: token
 
 Generate service files or manifests:
 ```bash
-task prod:generate:systemd ENV_LOCATION=./bin/trousseau-env
-task prod:generate:docker-compose ENV_LOCATION=./bin/trousseau-env
-task prod:generate:kubernetes ENV_LOCATION=./bin/trousseau-env
+make prod:generate:systemd ENV_LOCATION=./bin/trousseau-env
+make prod:generate:docker-compose ENV_LOCATION=./bin/trousseau-env
+make prod:generate:kustomize ENV_LOCATION=./bin/trousseau-env
+make prod:generate:helm ENV_LOCATION=./bin/trousseau-env
 ```
 
 Verify output:
 ```bash
 ls -l generated_manifests/systemd
 ls -l generated_manifests/docker-compose
-ls -l generated_manifests/kubernetes
+ls -l generated_manifests/kustomize
+ls -l generated_manifests/helm
 ```
 
 Deploy the application and configure encryption:
diff --git a/deployment/helm/.helmignore b/deployment/helm/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/deployment/helm/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deployment/helm/Chart.yaml b/deployment/helm/Chart.yaml
new file mode 100644
index 0000000..2c343d1
--- /dev/null
+++ b/deployment/helm/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: Trousseau
+description: A Helm chart for Trousseau, an open-source project leveraging the Kubernetes KMS provider framework to connect with Key Management Services the Kubernetes native way!
+type: application
+version: 0.0.1
+appVersion: "2.0.0"
+keywords:
+- secret
+- kms
+- envelop encryption
+- encryption at rest
+home: https://trousseau.io
+icon: https://www.ondat.io/hs-fs/hubfs/signature-mono.png
+sources:
+- https://github.com/ondat/trousseau
diff --git a/deployment/helm/templates/configmap-awskms.yaml b/deployment/helm/templates/configmap-awskms.yaml
new file mode 100644
index 0000000..470735c
--- /dev/null
+++ b/deployment/helm/templates/configmap-awskms.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: trousseau-awskms-config
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
+data:
+  config.yaml: |
+{{ .Files.Get .Values.awskms.configPath | indent 2 }}
diff --git a/deployment/helm/templates/configmap-vault.yaml b/deployment/helm/templates/configmap-vault.yaml
new file mode 100644
index 0000000..350ab7d
--- /dev/null
+++ b/deployment/helm/templates/configmap-vault.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.vault.withConfigGenerator -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: trousseau-vault-agent-config
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
+data:
+  vault-agent-config.hcl: |
+    exit_after_auth = true
+    pid_file = "/home/vault/pidfile"
+    auto_auth {
+        method "kubernetes" {
+            mount_path = "auth/kubernetes"
+            config = {
+                role = "trousseau"
+            }
+        }
+        sink "file" {
+            config = {
+                path = "/home/vault/.vault-token"
+            }
+        }
+    }
+
+    template {
+    destination = "{{ .Values.vault.configPath }}"
+    contents = <<EOT
+    {{ "{{" }}- with secret "secret/data/trousseau/config" {{ "}}" }}
+    --- 
+    keyNames:
+    - {{ "{{" }} .Data.data.transitkeyname {{ "}}" }}
+    address: {{ "{{" }} .Data.data.vaultaddress {{ "}}" }}
+    token: {{ "{{" }} .Data.data.vaulttoken {{ "}}" }}
+    # clientCert: {{ "{{" }} .Data.data.clientcert {{ "}}" }}
+    # clientKey: {{ "{{" }} .Data.data.clientkey {{ "}}" }}
+    # roleID: {{ "{{" }} .Data.data.roleid {{ "}}" }}
+    # secretID: {{ "{{" }} .Data.data.secretid {{ "}}" }}
+    # vaultCACert: {{ "{{" }} .Data.data.vaultcacert {{ "}}" }}
+    # tlsServerName: {{ "{{" }} .Data.data.tlsservername {{ "}}" }}
+    # transitPath: {{ "{{" }} .Data.data.transitpath {{ "}}" }}
+    # authPath: {{ "{{" }} .Data.data.authpath {{ "}}" }}
+    {{ "{{" }} end {{ "}}" }}
+    EOT
+    }
+{{- end }}
diff --git a/deployment/helm/templates/daemonset.yaml b/deployment/helm/templates/daemonset.yaml
new file mode 100644
index 0000000..6180e08
--- /dev/null
+++ b/deployment/helm/templates/daemonset.yaml
@@ -0,0 +1,196 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: trousseau-kms-provider
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      name: trousseau-kms-provider
+  template:
+    metadata:
+      labels:
+        name: trousseau-kms-provider
+        {{- toYaml .Values.commonLabels | nindent 8 }}
+    spec:
+{{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+{{- end }}
+      serviceAccountName: trousseau-auth
+      priorityClassName: system-cluster-critical
+      initContainers:
+        - name: trousseau-directory
+          image: busybox:stable-glibc
+          command: [ 'sh', '-c', 'mkdir -p /mnt/shared/trousseau ; chown 10123:10123 /mnt/shared/trousseau' ]
+          volumeMounts:
+            - name: shared-data
+              mountPath: /mnt/shared
+{{- if .Values.awskms.enabled }}
+        - name: awskms-directory
+          image: busybox:stable-glibc
+          command: [ 'sh', '-c', 'mkdir -p /mnt/shared/awskms ; chown 10123:10123 /mnt/shared/awskms' ]
+          volumeMounts:
+            - name: shared-data
+              mountPath: /mnt/shared
+{{- end }}
+{{- if .Values.vault.enabled }}
+        - name: vault-directory
+          image: busybox:stable-glibc
+          command: [ 'sh', '-c', 'mkdir -p /mnt/shared/vault ; chown 10123:10123 /mnt/shared/vault' ]
+          volumeMounts:
+            - name: shared-data
+              mountPath: /mnt/shared
+{{- if .Values.vault.withConfigGenerator }}
+        - name: vault-agent
+          image: vault
+          args:
+            - agent
+            - -config=/etc/vault/vault-agent-config.hcl
+            - -log-level=debug
+          env:
+            - name: VAULT_ADDR
+              value: {{ .Values.vault.address }}
+          volumeMounts:
+            - name: vault-agent-config
+              mountPath: /etc/vault
+              readOnly: true
+            - name: vault-config
+              mountPath: {{ .Values.vault.configPath }}
+{{- end }}
+{{- end }}
+      containers:
+        - name: proxy
+          image: {{ .Values.proxy.image }}
+          args:
+            - --listen-addr=unix:///opt/trousseau-kms/proxy.socket
+            - --trousseau-addr=/mnt/shared/trousseau/trousseau.socket
+          volumeMounts:
+            - name: trousseau-kms
+              mountPath: /opt/trousseau-kms
+            - name: shared-data
+              mountPath: /mnt/shared
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.podSecurityContext | nindent 12 }}
+        - name: trousseau
+          image: {{ .Values.trousseau.image }}
+          args:
+            - --listen-addr=unix:///mnt/shared/trousseau/trousseau.socket
+            - --socket-location=/mnt/shared
+{{- with .Values.trousseau.enabledProviders }}
+            {{- toYaml . | nindent 12 }}
+{{- end }}
+            - -v={{ .Values.verbose_level }}
+          volumeMounts:
+            - name: shared-data
+              mountPath: /mnt/shared
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.podSecurityContext | nindent 12 }}
+          ports:
+            - containerPort: 8787
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8787
+            failureThreshold: 3
+            periodSeconds: 10
+{{- if .Values.awskms.enabled }}
+        - name: awskms
+          image: {{ .Values.awskms.image }}
+          env:
+            - name: AWS_SHARED_CREDENTIALS_FILE
+              value: {{ .Values.awskms.credentialsPath }}
+          args:
+            - --listen-addr=unix:///mnt/shared/awskms/awskms.socket
+            - --config-file-path=/etc/aws/config.yaml
+            - -v={{ .Values.verbose_level }}
+          volumeMounts:
+            - name: awskms-config
+              mountPath: /etc/aws
+              readOnly: true
+            - name: awskms-credentials
+              mountPath: {{ .Values.awskms.credentialsPath }}
+              readOnly: true
+            - name: shared-data
+              mountPath: /mnt/shared
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.podSecurityContext | nindent 12 }}
+{{- end }}
+{{- if .Values.vault.enabled }}
+        - name: vault
+          image: {{ .Values.vault.image }}
+          args:
+            - --listen-addr=unix:///mnt/shared/vault/vault.socket
+            - --config-file-path={{ .Values.vault.configPath }}
+            - -v={{ .Values.verbose_level }}
+          volumeMounts:
+            - name: vault-config
+              mountPath: {{ .Values.vault.configPath }}
+              readOnly: true
+            - name: shared-data
+              mountPath: /mnt/shared
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.podSecurityContext | nindent 12 }}
+{{- end }}
+      volumes:
+        - name: trousseau-kms
+          hostPath:
+            path: {{ .Values.socketLocation }}
+            type: Directory
+        - emptyDir: {}
+          name: shared-data
+{{- if .Values.awskms.enabled }}
+        - configMap:
+            items:
+              - key: config.yaml
+                path: config.yaml
+            name: trousseau-awskms-config
+          name: awskms-config
+        - hostPath:
+            path: {{ .Values.awskms.credentialsPath }}
+            type: File
+          name: awskms-credentials
+{{- end }}
+{{- if .Values.vault.enabled }}
+{{- if .Values.vault.withConfigGenerator }}
+        - configMap:
+            items:
+              - key: vault-agent-config.hcl
+                path: vault-agent-config.hcl
+            name: trousseau-vault-agent-config
+          name: vault-agent-config
+        - emptyDir: {}
+          hostPath:
+          name: vault-config
+{{- else }}
+        - hostPath:
+            path: {{ .Values.vault.configPath }}
+            type: File
+          name: vault-config
+{{- end }}
+{{- end }}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: Exists
+      tolerations:
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: NoSchedule
+        - key: node-role.kubernetes.io/etcd
+          operator: Exists
+          effect: NoExecute
\ No newline at end of file
diff --git a/deployment/helm/templates/rbac.yaml b/deployment/helm/templates/rbac.yaml
new file mode 100644
index 0000000..ac99f41
--- /dev/null
+++ b/deployment/helm/templates/rbac.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: trousseau-auth
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+   name: role-tokenreview-binding
+   labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
+roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: trousseau-auth
+  namespace: kube-system
\ No newline at end of file
diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml
new file mode 100644
index 0000000..163e420
--- /dev/null
+++ b/deployment/helm/values.yaml
@@ -0,0 +1,52 @@
+# Default values for trousseau.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+namespace: kube-system
+
+commonLabels:
+  tier: control-plane
+  app: trousseau-kms-provider
+
+verbose_level: ${TR_VERBOSE_LEVEL}
+
+socketLocation: ${TR_SOCKET_LOCATION}
+
+awskms:
+  enabled: true
+  image: ${TR_AWSKMS_IMAGE}
+  configPath: ${TR_AWSKMS_CONFIG}
+  credentialsPath: ${TR_AWSKMS_CREDENTIALS}
+
+vault:
+  enabled: true
+  withConfigGenerator: false
+  image: ${TR_VAULT_IMAGE}
+  address: ${TR_VAULT_ADDRESS}
+  configPath: ${TR_VAULT_CONFIG}
+
+proxy:
+  image: ${TR_PROXY_IMAGE}
+
+trousseau:
+  image: ${TR_TROUSSEAU_IMAGE}
+  enabledProviders:
+    - ${TR_ENABLED_PROVIDERS}
+
+imagePullSecrets: []
+
+podSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  runAsUser: 10123
+  runAsGroup: 10123
+
+resources:
+  requests:
+    cpu: 50m
+    memory: 64Mi
+  limits:
+    cpu: 300m
+    memory: 256Mi
diff --git a/deployment/kustomize/daemonset.yaml b/deployment/kustomize/daemonset.yaml
index a9a8bcc..31a3585 100644
--- a/deployment/kustomize/daemonset.yaml
+++ b/deployment/kustomize/daemonset.yaml
@@ -1,4 +1,3 @@
-
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
diff --git a/deployment/kustomize/kustomization.yaml b/deployment/kustomize/kustomization.yaml
index ff35aa8..4f0c541 100644
--- a/deployment/kustomize/kustomization.yaml
+++ b/deployment/kustomize/kustomization.yaml
@@ -6,10 +6,10 @@ resources:
 - rbac.yaml
 - daemonset.yaml
 - configmap-awskms.yaml
-# Disable if you have the Vault config on your host
-- configmap-vault.yaml
+# Enable if you have the Vault config generator
+# - configmap-vault.yaml
 patchesStrategicMerge:
 - sidecar-awskms.yaml
 - sidecar-vault.yaml
-# Disable if you have the Vault config on your host
-- configmap-vault-generator.yaml
\ No newline at end of file
+# Enable if you have the Vault config generator
+# - configmap-vault-generator.yaml
\ No newline at end of file