diff --git a/home/system/kustomization.yaml b/home/system/kustomization.yaml
index c37923cb..205d71b3 100644
--- a/home/system/kustomization.yaml
+++ b/home/system/kustomization.yaml
@@ -2,8 +2,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- cloudflare
-- external-dns
-- external-secret.yaml
-- vault.yaml
-- csi-driver-nfs.yaml
+ - cloudflare
+ - external-dns
+ - external-secret.yaml
+ - vault
+ - csi-driver-nfs.yaml
diff --git a/home/system/vault/backup.yaml b/home/system/vault/backup.yaml
new file mode 100644
index 00000000..9b179341
--- /dev/null
+++ b/home/system/vault/backup.yaml
@@ -0,0 +1,19 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: vault-config
+ namespace: vault
+spec:
+ sourcePVC: data-vault-0
+ trigger:
+ schedule: "*/30 * * * *"
+ restic:
+ pruneIntervalDays: 7
+ repository: restic-credentials
+ retain:
+ hourly: 2
+ daily: 5
+ weekly: 4
+ monthly: 2
+ yearly: 1
+ copyMethod: Direct
diff --git a/home/system/vault/kustomization.yaml b/home/system/vault/kustomization.yaml
new file mode 100644
index 00000000..bd9cd049
--- /dev/null
+++ b/home/system/vault/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - vault.yaml
+ - backup.yaml
+ - restic-credential.yaml
diff --git a/home/system/vault/restic-credential.yaml b/home/system/vault/restic-credential.yaml
new file mode 100644
index 00000000..fd7605b1
--- /dev/null
+++ b/home/system/vault/restic-credential.yaml
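Review bot: In home/system/vault/backup.yaml, `copyMethod: Direct` makes the restic mover read the `data-vault-0` volume in place, presumably while Vault is still writing to it, so a backup taken mid-write may not restore to a consistent state. If the storage class supports it, `copyMethod: Snapshot` (or `Clone`) gives restic a point-in-time copy; the CSI capabilities are not visible in this diff, so that needs checking. Either way I would add a comment above `sourcePVC` stating what the volume holds and that a restore has been exercised, e.g. `# Vault storage volume; restore procedure verified on <date>`. The file also lacks the `---` document start that the new kustomization.yaml beside it uses.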
@@ -0,0 +1,29 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: restic-credentials
+ namespace: vault
+spec:
+ refreshInterval: "30s"
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: restic-credentials
+ data:
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ key: restic
+ property: MINIO_HOME_ACCESSKEY
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ key: restic
+ property: MINIO_HOME_SECRETKEY
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ key: restic
+ property: RESTIC_PASSWORD
+ - secretKey: RESTIC_REPOSITORY
+ remoteRef:
+ key: restic
+ property: RESTIC_REPOSITORY_VAULT
diff --git a/home/system/vault.yaml b/home/system/vault/vault.yaml
similarity index 100%
rename from home/system/vault.yaml
rename to home/system/vault/vault.yaml
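Review bot: In home/system/vault/restic-credential.yaml, the restic password and MinIO keys are read through `secretStoreRef` `vault-backend`; if that store is the same Vault instance that backup.yaml backs up, the only durable copy of the restore credentials sits inside the data they protect. After losing Vault together with the synced `restic-credentials` Secret, the repository could not be decrypted. I would keep an out-of-band copy of `RESTIC_PASSWORD` and the repository keys and record that in a comment above `spec:`, e.g. `# Values live in the Vault being backed up; an offline copy of RESTIC_PASSWORD is required for restore`. Separately, `refreshInterval: "30s"` polls the store twice a minute for what look like static credentials; a longer interval such as `refreshInterval: "1h"` would reduce load and audit-log noise.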