diff --git a/content/slides/cri/md/vault.md b/content/slides/cri/md/vault.md
index 1766f27e602e832e95c067d414a3d84e02e673b2..c1d02066d1576273a8814c4f5dfac98169a531b4 100644
--- a/content/slides/cri/md/vault.md
+++ b/content/slides/cri/md/vault.md
@@ -15,7 +15,32 @@
   * serveur
     * créer un service systemd
   * cli
-    * `vault`
+    * `/usr/local/bin/vault `
+
+
+## Systemd 
+
+```shell
+setcap CAP_IPC_LOCK=+ep /usr/local/bin/vault
+setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/vault
+```
+
+```ini
+[Unit]
+Description=a tool for managing secrets
+Documentation=https://vaultproject.io/docs/
+After=network.target
+ConditionFileNotEmpty=/etc/vault/vault.hcl
+
+[Service]
+User=vault
+Group=vault
+ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.hcl
+ExecReload=/usr/local/bin/kill --signal HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
+```
 
 
 ## Configuration
@@ -29,12 +54,42 @@ backend "file" {
 ui = true
 disable_mlock = true
 listener "tcp" {
-  address     = "10.0.0.1:8200"
-  tls_disable = 1
+  address     = "10.0.0.1:443"
+  tls_cert_file = "/etc/certs/vault.crt"
+  tls_key_file  =  "/etc/certs/vault.key"
+  tls_disable   = 0
 }
 ```
 
 
+## Initialisation
+
+```shell
+export VAULT_ADDR=https://10.0.0.1
+export VAULT_SKIP_VERIFY=True
+vault operator init -key-shares=3 -key-threshold=2
+```
+
+```shell
+Unseal Key 1: 6gAO3lmAhIaHzDAdkK256g2B2Dpeqy+z4jqQCJBID3d8
+Unseal Key 2: TO7DDRQXSPC3IQylPEBPjPGAGAGMzjEkjT/FL62m7UUd
+Unseal Key 3: CYfEbt83jYsQFcSErHT4Y5NCsrEtfFUE6tjQZKfP632K
+
+Initial Root Token: s.78MykQO2b5qcy03rtoNwmhr1
+
+Vault initialized with 3 key shares and a key threshold of 2. Please securely
+distribute the key shares printed above. When the Vault is re-sealed,
+restarted, or stopped, you must supply at least 2 of these keys to unseal it
+before it can start servicing requests.
+
+Vault does not store the generated master key. Without at least 2 key to
+reconstruct the master key, Vault will remain permanently sealed!
+
+It is possible to generate new unseal keys, provided you have a quorum of
+existing unseal keys shares. See "vault operator rekey" for more information.
+```
+
+
 ## [<i class="fa fa-book" aria-hidden="true"></i> Secrets engines](https://www.vaultproject.io/docs/secrets/)
 
 !["secrets engines"](images/vault-secrets-engines.png "secrets engines")