diff --git a/kubernetes/kube-nas/apps/secops/vault/app/README.md b/kubernetes/kube-nas/apps/secops/vault/app/README.md
index 57acfcf22..cca45a67b 100644
--- a/kubernetes/kube-nas/apps/secops/vault/app/README.md
+++ b/kubernetes/kube-nas/apps/secops/vault/app/README.md
@@ -15,7 +15,7 @@ Exec in Vault Pod and do the following:
 ```shell
 vault status # running, should be recovery seal type: gcpckms, sealed: true)
 vault operator init # initialises with 5 key shares and a key treshold of 3
-vault operator unseal # do this 3 times
+vault operator unseal # do this 3 times if seal is not gcpckms
 vault status # should be recovery seal type: shamir, initialized: true, sealed: false
 ```
 
diff --git a/kubernetes/kube-nas/apps/secops/vault/app/TODO.md b/kubernetes/kube-nas/apps/secops/vault/app/TODO.md
deleted file mode 100644
index f206fc408..000000000
--- a/kubernetes/kube-nas/apps/secops/vault/app/TODO.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# TODO
-
-- [ ] autounseal using google cloud
-- [ ] backup
-- [ ] dr test and restore
-- [ ] setup monitoring
diff --git a/kubernetes/kube-nas/apps/secops/vault/flux-sync.yaml b/kubernetes/kube-nas/apps/secops/vault/flux-sync.yaml
index 171209ab3..5f87c060a 100644
--- a/kubernetes/kube-nas/apps/secops/vault/flux-sync.yaml
+++ b/kubernetes/kube-nas/apps/secops/vault/flux-sync.yaml
@@ -24,21 +24,29 @@ spec:
 dependsOn:
 - name: csi-driver-nfs
 - name: volsync
-# ---
-# # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-# apiVersion: kustomize.toolkit.fluxcd.io/v1
-# kind: Kustomization
-# metadata:
-# name: vault-snapshots
-# namespace: flux-system
-# labels:
-# substitution.flux.home.arpa/enabled: "true"
-# spec:
-# interval: 10m
-# path: ./kubernetes/kube-nas/apps/secops/vault/snapshots
-# prune: true
-# sourceRef:
-# kind: GitRepository
-# name: home-ops
-# wait: true
-# targetNamespace: secops
+
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &appname vault-snapshots
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ targetNamespace: secops
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *appname
+ path: ./kubernetes/kube-nas/apps/secops/vault/snapshots
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ dependsOn:
+ - name: vault
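Review bot: The `dependsOn: - name: vault` entry that closes the new vault-snapshots Kustomization only orders it behind the vault Kustomization reporting Ready, which is not necessarily the same as Vault being initialised and unsealed, so a snapshot job could fail quietly against a sealed instance. The same commit deletes TODO.md while its "dr test and restore" and "setup monitoring" items are still unchecked, so nothing visible here alerts on a failed snapshot or shows that a snapshot can be restored. I would add a comment above the new document such as `# Snapshots hold the full Vault dataset: restrict access to the target, alert on job failure, test restore` and keep those two items tracked somewhere. The manifests under the snapshots path are outside this diff, so whether they need a `decryption` block or credentials of their own cannot be judged from here.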