diff --git a/src/vault/README.md b/src/vault/README.md
new file mode 100644
index 0000000..7a89b50
--- /dev/null
+++ b/src/vault/README.md
@@ -0,0 +1,24 @@
+
+# HashiCorp Vault (vault)
+
+Installs the HashiCorp Vault binary.
+
+## Example Usage
+
+```json
+"features": {
+ "ghcr.io/RouL/devcontainer-features/vault:1": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| version | Provides the version to be installed. Defaults to newest available version. | string | - |
+
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/RouL/devcontainer-features/blob/main/src/vault/devcontainer-feature.json). Add additional notes to a `NOTES.md`._
diff --git a/src/vault/devcontainer-feature.json b/src/vault/devcontainer-feature.json
new file mode 100644
index 0000000..8de6179
--- /dev/null
+++ b/src/vault/devcontainer-feature.json
@@ -0,0 +1,13 @@
+{
+ "id": "vault",
+ "version": "1.0.0",
+ "name": "HashiCorp Vault",
+ "description": "Installs the HashiCorp Vault binary.",
+ "options": {
+ "version": {
+ "description": "Provides the version to be installed. Defaults to newest available version.",
+ "type": "string",
+ "default": ""
+ }
+ }
+}
diff --git a/src/vault/install.sh b/src/vault/install.sh
new file mode 100755
index 0000000..2eb65d6
--- /dev/null
+++ b/src/vault/install.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+set -e
+
+SERVER_BASE="${SERVER_BASE}"
+SERVER_API="${SERVER_API}"
+SERVER_IDENTITY="${SERVER_IDENTITY}"
+
+REQUIRED_PACKAGES="curl unzip sudo ca-certificates jq gpg"
+TARGET_PATH=/usr/local/bin/vault
+
+# check: https://developer.hashicorp.com/well-architected-framework/operational-excellence/verify-hashicorp-binary#verify-pgp-key-id-and-fingerprint
+GPG_FINGERPRINT="C874011F0AB405110D02105534365D9472D7468F"
+
+PRODUCT="vault"
+OS="linux"
+
+error() {
+ echo "$1" >&2
+ echo "Exiting..." >&2
+ exit 1
+}
+
+apt_get_update()
+{
+ if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+ echo "Running apt-get update..."
+ apt-get update -y
+ fi
+}
+
+check_packages() {
+ if ! dpkg -s "$@" > /dev/null 2>&1; then
+ apt_get_update
+ apt-get -y install --no-install-recommends "$@"
+ fi
+}
+
+arch_detect() {
+ if [ "$(uname -m)" = "x86_64" ]; then
+ ARCH="amd64"
+ elif [ "$(uname -m)" = "aarch64" ]; then
+ ARCH="arm64"
+ else
+ error "Unsupported architecture: $(uname -m)"
+ fi
+}
+
+export DEBIAN_FRONTEND=noninteractive
+
+check_packages $REQUIRED_PACKAGES
+
+CURRENT_TAG="$(curl -L https://api.github.com/repos/hashicorp/vault/releases/latest | jq --raw-output '.tag_name')"
+CURRENT_VERSION="${CURRENT_TAG#v}"
+VERSION="${VERSION:-$CURRENT_VERSION}"
+
+arch_detect
+
+install() {
+ # create gpg env for signature validation
+ export GNUPGHOME=./.gnupg
+ gpg --no-tty --quick-generate-key --batch --passphrase "" human@example.com
+ curl -L --remote-name https://www.hashicorp.com/.well-known/pgp-key.txt
+ gpg --no-tty --import pgp-key.txt
+ gpg --no-tty --quick-sign-key $GPG_FINGERPRINT # trust HashiCorp Key
+
+ # download vault, sha256 sums and signature
+ curl -L --remote-name https://releases.hashicorp.com/"${PRODUCT}"/"${VERSION}"/"${PRODUCT}"_"${VERSION}"_"${OS}_${ARCH}".zip
+ curl -L --remote-name https://releases.hashicorp.com/"${PRODUCT}"/"${VERSION}"/"${PRODUCT}"_"${VERSION}"_SHA256SUMS
+ curl -L --remote-name https://releases.hashicorp.com/"${PRODUCT}"/"${VERSION}"/"${PRODUCT}"_"${VERSION}"_SHA256SUMS.sig
+
+ # verify integrity
+ gpg --no-tty --verify ${PRODUCT}_${VERSION}_SHA256SUMS.sig ${PRODUCT}_${VERSION}_SHA256SUMS
+ sha256sum --check --ignore-missing ${PRODUCT}_${VERSION}_SHA256SUMS
+
+ unzip "${PRODUCT}"_"${VERSION}"_"${OS}_${ARCH}".zip
+ rm -f "${PRODUCT}"_"${VERSION}"_"${OS}_${ARCH}".zip LICENSE.txt "${PRODUCT}"_"${VERSION}"_SHA256SUMS "${PRODUCT}"_"${VERSION}"_SHA256SUMS.sig
+
+ chmod a+x vault
+ mv vault $TARGET_PATH
+}
+
+echo "(*) Installing HashiCorp Vault binary..."
+
+install
+
+# Clean up
+rm -rf /var/lib/apt/lists/*
+rm -rf .gnupg
+
+echo "Done!"
diff --git a/test/vault/scenarios.json b/test/vault/scenarios.json
new file mode 100644
index 0000000..fbff13d
--- /dev/null
+++ b/test/vault/scenarios.json
@@ -0,0 +1,18 @@
+{
+ "version-1_17_6": {
+ "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+ "features": {
+ "vault": {
+ "version": "1.17.6"
+ }
+ }
+ },
+ "version-1_10_11-ent": {
+ "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+ "features": {
+ "vault": {
+ "version": "1.10.11+ent"
+ }
+ }
+ }
+}
diff --git a/test/vault/test.sh b/test/vault/test.sh
new file mode 100644
index 0000000..a48e9c7
--- /dev/null
+++ b/test/vault/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "vault --version" bash -c "vault --version | grep -E '^Vault v[1-9][0-9]*\\.[0-9]+\\.[0-9]+ '"
diff --git a/test/vault/version-1_10_11-ent.sh b/test/vault/version-1_10_11-ent.sh
new file mode 100644
index 0000000..1eacbf2
--- /dev/null
+++ b/test/vault/version-1_10_11-ent.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "vault --version" bash -c "vault --version | grep -E '^Vault v1\\.10\\.11\+ent '"
diff --git a/test/vault/version-1_17_6.sh b/test/vault/version-1_17_6.sh
new file mode 100644
index 0000000..7f87fd7
--- /dev/null
+++ b/test/vault/version-1_17_6.sh
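Review bot: The `gpg --no-tty --verify` line under `# verify integrity` never checks which key produced the signature: gpg exits 0 for a good signature from any key in the keyring, trusted or not, so `GPG_FINGERPRINT` only gates the `--quick-sign-key` call and the SHA256SUMS file would still be accepted if `pgp-key.txt` or a pre-existing `./.gnupg` carried an extra key. Pin the signer explicitly, e.g. `gpg --no-tty --status-fd 1 --verify "${PRODUCT}_${VERSION}_SHA256SUMS.sig" "${PRODUCT}_${VERSION}_SHA256SUMS" | grep -q "VALIDSIG .* ${GPG_FINGERPRINT}$"`, matching the primary-key fingerprint (the last field of the `VALIDSIG` status line) because the release signature may be made by a subkey; with that check the throwaway `--quick-generate-key` and `--quick-sign-key` trust dance is no longer needed. Under `#!/bin/sh` there is no `pipefail`, so the `grep -q` exit status is the only gate and must remain a bare statement under `set -e`. Relatedly, `export GNUPGHOME=./.gnupg` is relative to whatever cwd the feature runs in and `rm -rf .gnupg` only runs on success; `GNUPGHOME="$(mktemp -d)"` plus `trap 'rm -rf -- "$GNUPGHOME"' EXIT` gives a fresh keyring and cleanup on every exit path. Adding `--fail` to the `curl` calls would also stop an HTTP error page from being saved as `pgp-key.txt` or as the SHA256SUMS file and only failing later with a confusing gpg error.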
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "vault --version" bash -c "vault --version | grep -E '^Vault v1\\.17\\.6 '"