diff --git a/TODO.md b/TODO.md
index 6369b20..3b5b615 100644
--- a/TODO.md
+++ b/TODO.md
@@ -12,12 +12,22 @@ Load group vars...
 * balise SBOM binaires vault/consul/nomad
 
 
+ROADMAP SEPTEMBRE:
 
-GITHUB HS  <-- MR
-    |
-    |
-FORK LOCAL TGB
-    |
-    |
-   CMC
+* Support RHEL family - juillet
+* tests mono node complet - aout
+* tests offline complet - aout
+* statuer sur version stable entre septembre 2024 et janvier 2025
+
+
+ROADMAP 1.0 (wood-dragon):
+
+* playbooks de back/restore à chaque étage.
+* playbooks de montée de version avec maintien data.
+* couverture de tests incluant multi mono et offline.
+* debian + RHEL family
+
+
+Alpine au printemps ?
+ajouter openwrt à la liste ?
 
diff --git a/docs/source/howto/vault/__submenu.md b/docs/source/howto/vault/__submenu.md
index 45bef7e..0cddc07 100644
--- a/docs/source/howto/vault/__submenu.md
+++ b/docs/source/howto/vault/__submenu.md
@@ -3,8 +3,9 @@
 ```{toctree}
 :maxdepth: 1
 
-onprem_deploy
-enable_vault_ldap
 snapshot
 restore
+upgrade
+onprem_deploy
+enable_vault_ldap
 ```
diff --git a/docs/source/howto/vault/restore.md b/docs/source/howto/vault/restore.md
index d32f9ea..cc491d5 100644
--- a/docs/source/howto/vault/restore.md
+++ b/docs/source/howto/vault/restore.md
@@ -1,4 +1,4 @@
-# restore snapshot
+# snapshot (restore)
 
 ```{admonition} Use case
 :class: note
diff --git a/docs/source/howto/vault/snapshot.md b/docs/source/howto/vault/snapshot.md
index 0fd4125..79aaf53 100644
--- a/docs/source/howto/vault/snapshot.md
+++ b/docs/source/howto/vault/snapshot.md
@@ -1,4 +1,4 @@
-# snapshot
+# snapshot (create)
 
 ```{admonition} Use case
 :class: note
diff --git a/docs/source/howto/vault/upgrade.md b/docs/source/howto/vault/upgrade.md
new file mode 100644
index 0000000..8eff8d8
--- /dev/null
+++ b/docs/source/howto/vault/upgrade.md
@@ -0,0 +1,45 @@
+# upgrade cluster
+
+```{admonition} Use case
+:class: note
+
+* You have an existing cluster deployed via HashiStack.
+* You have the unseal key and root token corresponding.
+```
+----
+```{admonition} Be aware
+:class: warning
+
+* Always [create a snapshot](snapshot) before cluster upgrade.
+* Always [be trained for a snapshot restore](restore) before cluster upgrade.
+
+These operations should not be discovered under the stress of any live issue.
+```
+
+## Change role variable to desired version
+
+```{code-block}
+:caption: In any var file applied to hashistack_masters ansible group
+---
+hs_vault_version: "<your desired version>"
+```
+```{admonition} See also
+:class: note
+
+* [vault roles variables](/reference/roles/role_vault "Internals")
+```
+
+
+## Apply upgrade procedure
+
+```{code-block}
+:caption: Run upgrade
+> ansible-playbook wescale.hashistack.vault_upgrade
+```
+
+The playbook will sequentially:
+
+* upgrade cluster's follower nodes
+* upgrade the leader node
+* unseal the cluster
+