diff --git a/cluster/services/frangiclave/default.nix b/cluster/services/frangiclave/default.nix
new file mode 100644
index 0000000..9f01461
--- /dev/null
+++ b/cluster/services/frangiclave/default.nix
@@ -0,0 +1,14 @@
+{
+  services.frangiclave = {
+    nodes = {
+      server = [ "VEGAS" "grail" "prophet" ]; # 3 reliable nodes
+      agent = []; # all nodes, for vault-agent, secret templates, etc.
+    };
+    nixos = {
+      server = [
+        ./server.nix
+      ];
+      agent = [];
+    };
+  };
+}
diff --git a/cluster/services/frangiclave/server.nix b/cluster/services/frangiclave/server.nix
new file mode 100644
index 0000000..0c83ab1
--- /dev/null
+++ b/cluster/services/frangiclave/server.nix
@@ -0,0 +1,8 @@
+{ depot, ... }:
+
+{
+  services.vault = {
+    enable = true;
+    package = depot.packages.openbao;
+  };
+}