diff --git a/CHANGELOG.md b/CHANGELOG.md
index b891e27..004076a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## Unreleased
 
+CHANGES:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0
+
 ## 0.20.0 (May 16th, 2022)
 
 CHANGES:
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 846bfc3..8c66a37 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -58,6 +58,32 @@ Compute if the server is enabled.
       (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
 {{- end -}}
 
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+  (and
+    (eq (.Values.server.serviceAccount.create | toString) "true" )
+    (or
+      (eq (.Values.server.enabled | toString) "true")
+      (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+  (and
+    (eq (.Values.server.authDelegator.enabled | toString) "true" )
+    (or (eq (.Values.server.serviceAccount.create | toString) "true")
+        (not (eq .Values.server.serviceAccount.name "")))
+    (or
+      (eq (.Values.server.enabled | toString) "true")
+      (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
 {{/*
 Compute if the server service is enabled.
 */}}
diff --git a/templates/server-clusterrolebinding.yaml b/templates/server-clusterrolebinding.yaml
index e045b9e..8cdd611 100644
--- a/templates/server-clusterrolebinding.yaml
+++ b/templates/server-clusterrolebinding.yaml
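Review bot: `vault.serverAuthDelegator` ORs `server.enabled` with `global.enabled`, so with the chart's default `global.enabled: true` an explicit `server.enabled=false` no longer suppresses the `system:auth-delegator` ClusterRoleBinding; the changelog entry only describes the ServiceAccount, so this widening of a cluster-scoped grant to an unused service account is either unintended or needs its own changelog line and a deliberate least-privilege decision. The `vault.serverEnabled` context line above appears to give an explicit `server.enabled` precedence over `global.enabled` via the `"-"` sentinel; the new helpers drop that precedence, and reusing it (explicit `server.enabled` wins, `global.enabled` only when `server.enabled` is `"-"`) would match the "as per before 0.20.0" intent more closely than a plain `or`. The header comment on `vault.serverServiceAccountEnabled` is a copy of the next helper's and should read `Compute if the server serviceaccount should be created.`. The `(not (eq .Values.server.serviceAccount.name ""))` clause is the only comparison in the hunk without `| toString`; `(ne (.Values.server.serviceAccount.name | toString) "")` keeps it consistent and, presumably, avoids a nil-versus-string comparison should the key ever be omitted from values.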
@@ -1,6 +1,5 @@
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if and (ne .mode "") (eq (.Values.server.authDelegator.enabled | toString) "true") }}
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
 {{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
 apiVersion: rbac.authorization.k8s.io/v1
 {{- else }}
@@ -22,5 +21,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ template "vault.serviceAccount.name" . }}
     namespace: {{ .Release.Namespace }}
-{{ end }}
-{{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/templates/server-serviceaccount.yaml b/templates/server-serviceaccount.yaml
index 2d1a104..c0d32d1 100644
--- a/templates/server-serviceaccount.yaml
+++ b/templates/server-serviceaccount.yaml
@@ -1,6 +1,5 @@
-{{ template "vault.mode" . }}
-{{- if .serverEnabled -}}
-{{- if (eq (.Values.server.serviceAccount.create | toString) "true" ) }}
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -13,4 +12,3 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
   {{ template "vault.serviceAccount.annotations" . }}
 {{ end }}
-{{ end }}
diff --git a/test/unit/server-clusterrolebinding.bats b/test/unit/server-clusterrolebinding.bats
index bf0a4d8..9d05aea 100755
--- a/test/unit/server-clusterrolebinding.bats
+++ b/test/unit/server-clusterrolebinding.bats
@@ -65,6 +65,7 @@ load _helpers
     cd `chart_dir`
     local actual=$( (helm template \
         --show-only templates/server-clusterrolebinding.yaml \
+        --set 'server.enabled=false' \
         --set 'injector.externalVaultAddr=http://vault-outside' \
         . || echo "---") | tee /dev/stderr |
         yq 'length > 0' | tee /dev/stderr)
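Review bot: The new closing `+{{ end }}` in the second hunk drops the file's trailing newline (the `\ No newline at end of file` marker is on the new side only), which is a formatting regression against the removed lines; terminate it with a newline. With the `(ne .mode "")` check removed, the guard `{{- if .serverAuthDelegator -}}` makes `vault.serverAuthDelegator` the sole decision point for rendering a cluster-scoped `system:auth-delegator` grant, including when `server.enabled=false` and `global.enabled` is left at its default; a one-line comment above the guard would make that contract explicit for the next maintainer, e.g. `{{/* Rendered whenever a server SA exists and server or global is enabled; see vault.serverAuthDelegator. */}}`.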
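Review bot: The added `--set 'server.enabled=false'` exercises `vault.serverAuthDelegator` only with `global.enabled` at its default, so the helper's `or` of the two flags is never tested with both off, nor is the `server.enabled=false` / `global.enabled=true` combination pinned on its own. Add a sibling case with `--set 'server.enabled=false' --set 'global.enabled=false'` asserting the ClusterRoleBinding is absent, and keep this one as the explicit record of what a disabled server with the default global flag should render. The enclosing `@test` header and its `[ "${actual}" = ... ]` assertion are outside the hunk, so the expected value of this case is not visible here.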