update changelog

Prepare for release 0.26.1
2023-10-30 14:04:35 -05:00 · 2023-10-30 13:12:24 -05:00
137 changed files with 1779 additions and 1853 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -9,9 +9,9 @@ assignees: ''
 <!-- Please reserve GitHub issues for bug reports and feature requests.
-**Please note**: We take OpenBao's security and our users' trust very seriously. If
+For questions, the best place to get answers is on our [discussion forum](https://discuss.hashicorp.com/c/vault), as they will get more visibility from experienced users than the issue tracker.
-you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_
+
-by contacting us at [openbao-security@lists.lfedge.org](mailto:openbao-security@lists.lfedge.org).
+Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault Helm, _please responsibly disclose_ by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
 -->
@ -21,10 +21,10 @@ A clear and concise description of what the bug is.
 **To Reproduce**
 Steps to reproduce the behavior:
 1. Install chart
-2. Run bao command
+2. Run vault command
-3. See error (openbao logs, etc.)
+3. See error (vault logs, etc.)
-Other useful info to include: openbao pod logs, `kubectl describe statefulset openbao` and `kubectl get statefulset openbao -o yaml` output
+Other useful info to include: vault pod logs, `kubectl describe statefulset vault` and `kubectl get statefulset vault -o yaml` output
 **Expected behavior**
 A clear and concise description of what you expected to happen.
@ -33,7 +33,7 @@ A clear and concise description of what you expected to happen.
 * Kubernetes version: 
  * Distribution or cloud vendor (OpenShift, EKS, GKE, AKS, etc.):
  * Other configuration options or runtime services (istio, etc.):
-* openbao-helm version:
+* vault-helm version:
 Chart values:
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -3,4 +3,5 @@
 contact_links:
  - name: Ask a question
-    url: https://chat.lfx.linuxfoundation.org/#/room/#openbao-questions:chat.lfx.linuxfoundation.org
+    url: https://discuss.hashicorp.com/c/vault
    about: For increased visibility, please post questions on the discussion forum, and tag with `k8s`
--- a/.github/workflows/acceptance.yaml
+++ b/.github/workflows/acceptance.yaml
@ -5,18 +5,20 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        kind-k8s-version: [1.27.11, 1.28.7, 1.29.2]
+        kind-k8s-version: [1.24.15, 1.25.11, 1.26.6, 1.27.3, 1.28.0]
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - name: Setup test tools
        uses: ./.github/actions/setup-test-tools
      - name: Create K8s Kind Cluster
-        uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
+        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
        with:
          config: test/kind/config.yaml
          node_image: kindest/node:v${{ matrix.kind-k8s-version }}
-          version: v0.22.0
+          version: v0.20.0
      - run: bats --tap --timing ./test/acceptance
        env:
          VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
 permissions:
  contents: read
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@ -0,0 +1,14 @@
 # If the repository is public, be sure to change to GitHub hosted runners
 name: Lint GitHub Actions Workflows
 on:
  push:
    paths:
      - .github/workflows/**.yml
  pull_request:
    paths:
      - .github/workflows/**.yml
 permissions:
  contents: read
 jobs:
  actionlint:
    uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main
--- a/.github/workflows/jira.yaml
+++ b/.github/workflows/jira.yaml
@ -0,0 +1,17 @@
 name: Jira Sync
 on:
  issues:
    types: [opened, closed, deleted, reopened]
  pull_request_target:
    types: [opened, closed, reopened]
  issue_comment: # Also triggers when commenting on a PR from the conversation view
    types: [created]
 jobs:
  sync:
    uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
    secrets:
      JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
      JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
      JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
    with:
      teams-array: '["ecosystem", "foundations-eco"]'
--- a/.github/workflows/lint-chart.yml
+++ b/.github/workflows/lint-chart.yml
@ -1,47 +0,0 @@
 name: Lint and Test Chart
 on:
  pull_request:
    paths:
      - 'charts/**'
 permissions:
  contents: read
 jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: "0"
      - name: Install Helm
        uses: azure/setup-helm@v4
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.6.1
      - name: Run chart-testing (list-changed)
        id: list-changed
        run: |
          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
          if [[ -n "$changed" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Run chart-testing (lint)
        id: lint
        if: steps.list-changed.outputs.changed == 'true'
        run: ct lint --target-branch ${{ github.event.repository.default_branch }}
      - name: Create kind cluster
        uses: helm/kind-action@v1.10.0
        if: steps.list-changed.outputs.changed == 'true'
      - name: Run chart-testing (install)
        id: install
        if: steps.list-changed.outputs.changed == 'true'
        run: ct install --target-branch ${{ github.event.repository.default_branch }}
--- a/.github/workflows/release-chart.yml
+++ b/.github/workflows/release-chart.yml
@ -1,38 +0,0 @@
 name: Release
 on:
  push:
    branches:
      - main
    paths:
      - 'charts/**'
 jobs:
  release:
    environment: helm-release
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Install Helm
        uses: azure/setup-helm@v3.5
        id: helm-install
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Run chart-releaser
        id: helm-release
        uses: helm/chart-releaser-action@v1.6.0
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          CR_GENERATE_RELEASE_NOTES: true
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@ -4,20 +4,20 @@ jobs:
  bats-unit-tests:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - uses: ./.github/actions/setup-test-tools
      - run: bats --tap --timing ./test/unit
  chart-verifier:
    runs-on: ubuntu-latest
    env:
-      CHART_VERIFIER_VERSION: "1.13.7"
+      CHART_VERIFIER_VERSION: '1.13.0'
    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - name: Setup test tools
        uses: ./.github/actions/setup-test-tools
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
-          go-version: "1.22.5"
+          go-version: '1.21.3'
      - run: go install "github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION}"
      - run: bats --tap --timing ./test/chart
 permissions:
--- a/.github/workflows/update-helm-charts-index.yml
+++ b/.github/workflows/update-helm-charts-index.yml
@ -0,0 +1,40 @@
 name: update-helm-charts-index
 on:
  push:
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
 permissions:
  contents: read
 jobs:
  update-helm-charts-index:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
      - name: verify Chart version matches tag version
        run: |-
          export TAG=${{ github.ref_name }}
          git_tag="${TAG#v}"
          chart_tag=$(yq -r '.version' Chart.yaml)
          if [ "${git_tag}" != "${chart_tag}" ]; then
            echo "chart version (${chart_tag}) did not match git version (${git_tag})"
            exit 1
          fi
      - name: update helm-charts index
        id: update
        env:
          GH_TOKEN: ${{ secrets.HELM_CHARTS_GITHUB_TOKEN }}
        run: |-
          gh workflow run publish-charts.yml \
            --repo hashicorp/helm-charts \
            --ref main \
            -f SOURCE_TAG="${{ github.ref_name }}" \
            -f SOURCE_REPO="${{ github.repository }}"
      - uses: hashicorp/actions-slack-status@v1
        if: ${{always()}}
        with:
          success-message: "vault-helm charts index update triggered successfully. View the run <https://github.com/hashicorp/helm-charts/actions/workflows/publish-charts.yml|here>."
          failure-message: "vault-helm charts index update trigger failed."
          status: ${{job.status}}
          slack-webhook-url: ${{secrets.SLACK_WEBHOOK_URL}}
--- a/.gitignore
+++ b/.gitignore
@ -11,4 +11,3 @@ vaul-helm-dev-creds.json
 ./test/acceptance/values.yaml
 ./test/acceptance/values.yml
 .idea
 scratch/
--- a/charts/openbao/.helmignore
+++ b/charts/openbao/.helmignore
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,24 +1,5 @@
 ## Unreleased
 Bugs:
 * injector: add missing `get` `nodes` permission to ClusterRole [GH-1005](https://github.com/hashicorp/vault-helm/pull/1005)
 ## 0.27.0 (November 16, 2023)
 Changes:
 * Default `vault` version updated to 1.15.2
 Features:
 * server: Support setting `persistentVolumeClaimRetentionPolicy` on the StatefulSet [GH-965](https://github.com/hashicorp/vault-helm/pull/965)
 * server: Support setting labels on PVCs [GH-969](https://github.com/hashicorp/vault-helm/pull/969)
 * server: Support setting ingress rules for networkPolicy [GH-877](https://github.com/hashicorp/vault-helm/pull/877)
 Improvements:
 * Support exec in the server liveness probe [GH-971](https://github.com/hashicorp/vault-helm/pull/971)
 ## 0.26.1 (October 30, 2023)
 Bugs:
--- a/1
+++ b/1
@ -0,0 +1 @@
 * @hashicorp/vault-ecosystem-foundations
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,8 +1,8 @@
-# Contributing to OpenBao Helm
+# Contributing to Vault Helm
-**Please note:** We take OpenBao's security and our users' trust very seriously.
+**Please note:** We take Vault's security and our users' trust very seriously.
-If you believe you have found a security issue in OpenBao, please responsibly
+If you believe you have found a security issue in Vault, please responsibly
-disclose by contacting us at openbao-security@lists.lfedge.org.
+disclose by contacting us at security@hashicorp.com.
 **First:** if you're unsure or afraid of _anything_, just ask or submit the
 issue or pull request anyways. You won't be yelled at for giving it your best
@ -12,15 +12,14 @@ rules to get in the way of that.
 That said, if you want to ensure that a pull request is likely to be merged,
 talk to us! You can find out our thoughts and ensure that your contribution
-won't clash or be obviated by OpenBao's normal direction. A great way to do this
+won't clash or be obviated by Vault's normal direction. A great way to do this
-is via the [Linux Foundation Element chat server][1], or [mailing list][2].
+is via the [Vault Discussion Forum][1].
 This document will cover what we're looking for in terms of reporting issues.
 By addressing all the points we're looking for, it raises the chances we can
 quickly merge or address your contributions.
-[1]: https://chat.lfx.linuxfoundation.org
+[1]: https://discuss.hashicorp.com/c/vault
 [2]: https://lists.lfedge.org/g/openbao
 ## Issues
@ -34,14 +33,14 @@ quickly merge or address your contributions.
 * Provide steps to reproduce the issue, and if possible include the expected
  results as well as the actual results. Please provide text, not screen shots!
-* Respond as promptly as possible to any questions made by the OpenBao
+* Respond as promptly as possible to any questions made by the Vault
  team to your issue. Stale issues will be closed periodically.
 ### Issue Lifecycle
 1. The issue is reported.
-2. The issue is verified and categorized by a OpenBao Helm collaborator.
+2. The issue is verified and categorized by a Vault Helm collaborator.
   Categorization is done via tags. For example, bugs are marked as "bugs".
 3. Unless it is critical, the issue may be left for a period of time (sometimes
@ -71,25 +70,25 @@ The following are the instructions for running bats tests using a Docker contain
 #### Prerequisites
 * Docker installed
-* `openbao-helm` checked out locally
+* `vault-helm` checked out locally
 #### Test
-**Note:** the following commands should be run from the `openbao-helm` directory.
+**Note:** the following commands should be run from the `vault-helm` directory.
 First, build the Docker image for running the tests:
 ```shell
-docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t openbao-helm-test
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
 ```
 Next, execute the tests with the following commands:
 ```shell
-docker run -it --rm -v "${PWD}:/test" openbao-helm-test bats /test/test/unit
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
 ```
 It's possible to only run specific bats tests using regular expressions. 
 For example, the following will run only tests with "injector" in the name:
 ```shell
-docker run -it --rm -v "${PWD}:/test" openbao-helm-test bats /test/test/unit -f "injector"
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
 ```
 ### Test Manually
@ -123,7 +122,7 @@ may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
 start from a clean slate.
 **Note:** There is a Terraform configuration in the
-[`test/terraform/`](https://github.com/openbao/openbao-helm/tree/main/test/terraform) directory
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
 that can be used to quickly bring up a GKE cluster and configure
 `kubectl` and `helm` locally. This can be used to quickly spin up a test
 cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
--- a/Chart.yaml
+++ b/Chart.yaml
@ -0,0 +1,19 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 apiVersion: v2
 name: vault
 version: 0.26.1
 appVersion: 1.15.1
 kubeVersion: ">= 1.20.0-0"
 description: Official HashiCorp Vault Chart
 home: https://www.vaultproject.io
 icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
 keywords: ["vault", "security", "encryption", "secrets", "management", "automation", "infrastructure"]
 sources:
  - https://github.com/hashicorp/vault
  - https://github.com/hashicorp/vault-helm
  - https://github.com/hashicorp/vault-k8s
  - https://github.com/hashicorp/vault-csi-provider
 annotations:
  charts.openshift.io/name: HashiCorp Vault
--- a/11
+++ b/11
@ -1,6 +1,6 @@
-TEST_IMAGE?=openbao-helm-test
+TEST_IMAGE?=vault-helm-test
-GOOGLE_CREDENTIALS?=openbao-helm-test.json
+GOOGLE_CREDENTIALS?=vault-helm-test.json
-CLOUDSDK_CORE_PROJECT?=openbao-helm-dev-246514
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
 # set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
 ACCEPTANCE_TESTS?=acceptance
@ -11,10 +11,10 @@ UNIT_TESTS_FILTER?='.*'
 LOCAL_ACCEPTANCE_TESTS?=false
 # kind cluster name
-KIND_CLUSTER_NAME?=openbao-helm
+KIND_CLUSTER_NAME?=vault-helm
 # kind k8s version
-KIND_K8S_VERSION?=v1.29.2
+KIND_K8S_VERSION?=v1.26.3
 # Generate json schema for chart values. See test/README.md for more details.
 values-schema:
@ -40,6 +40,7 @@ else
 	-e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
 	-e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
 	-e KUBECONFIG=/helm-test/.kube/config \
 	-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
 	-w /helm-test \
 	$(TEST_IMAGE) \
 	make acceptance
--- a/README.md
+++ b/README.md
@ -1,12 +1,16 @@
-# OpenBao Helm Chart
+# Vault Helm Chart
-> :warning: **Please note**: We take OpenBao's security and our users' trust very seriously. If
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If 
-you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_ 
-by contacting us at [openbao-security@lists.lfedge.org](mailto:openbao-security@lists.lfedge.org).
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
-This repository contains the OpenBao Helm chart for installing
+This repository contains the official HashiCorp Helm chart for installing
-and configuring OpenBao on Kubernetes. This chart supports multiple use
+and configuring Vault on Kubernetes. This chart supports multiple use
-cases of OpenBao on Kubernetes depending on the values provided.
+cases of Vault on Kubernetes depending on the values provided.
 For full documentation on this Helm chart along with all the ways you can
 use Vault with Kubernetes, please see the
 [Vault and Kubernetes documentation](https://developer.hashicorp.com/vault/docs/platform/k8s).
 ## Prerequisites
@ -16,19 +20,24 @@ this README. Please refer to the Kubernetes and Helm documentation.
 The versions required are:
-  * **Helm 3.12+** - Earliest verison tested
+  * **Helm 3.6+**
-  * **Kubernetes 1.28+** - This is the earliest version of Kubernetes tested.
+  * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested.
    It is possible that this chart works with earlier versions but it is
    untested.
 ## Usage
-To install the latest version of this chart, add the OpenBao helm repository and run `helm install`:
+To install the latest version of this chart, add the Hashicorp helm repository
 and run `helm install`:
 ```console
-helm repo add openbao https://openbao.github.io/openbao-helm
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
 "hashicorp" has been added to your repositories
-helm install openbao openbao/openbao
+$ helm install vault hashicorp/vault
 ```
-Please see the many options supported in the [`values.yaml`](./charts/openbao/values.yaml) file. These are also fully documented directly in the [openbao README](./charts/openbao/README.md) along with more detailed installation instructions.
+Please see the many options supported in the `values.yaml` file. These are also
 fully documented directly on the [Vault
 website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more
 detailed installation instructions.
--- a/charts/openbao/Chart.yaml
+++ b/charts/openbao/Chart.yaml
@ -1,31 +0,0 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 apiVersion: v2
 name: openbao
 version: 0.6.0
 appVersion: v2.0.2
 kubeVersion: ">= 1.27.0-0"
 description: Official OpenBao Chart
 home: https://github.com/openbao/openbao-helm
 icon: https://github.com/openbao/artwork/blob/main/color/openbao-color.svg
 keywords:
  [
    "vault",
    "openbao",
    "security",
    "encryption",
    "secrets",
    "management",
    "automation",
    "infrastructure",
  ]
 sources:
  - https://github.com/openbao/openbao-helm
 annotations:
  charts.openshift.io/name: Openbao
 maintainers:
  - name: OpenBao
    email: openbao-security@lists.lfedge.org
    url: https://openbao.org
--- a/charts/openbao/README.md
+++ b/charts/openbao/README.md
@ -1,294 +0,0 @@
 # openbao
 ![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v2.0.2](https://img.shields.io/badge/AppVersion-v2.0.2-informational?style=flat-square)
 Official OpenBao Chart
 **Homepage:** <https://github.com/openbao/openbao-helm>
 ## Maintainers
 | Name | Email | Url |
 | ---- | ------ | --- |
 | OpenBao | <openbao-security@lists.lfedge.org> | <https://openbao.org> |
 ## Source Code
 * <https://github.com/openbao/openbao-helm>
 ## Requirements
 Kubernetes: `>= 1.27.0-0`
 ## Values
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | csi.agent.enabled | bool | `true` |  |
 | csi.agent.extraArgs | list | `[]` |  |
 | csi.agent.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for agent image. if tag is "latest", set to "Always" |
 | csi.agent.image.registry | string | `"quay.io"` | image registry to use for agent image |
 | csi.agent.image.repository | string | `"openbao/openbao"` | image repo to use for agent image |
 | csi.agent.image.tag | string | `"2.0.2"` | image tag to use for agent image |
 | csi.agent.logFormat | string | `"standard"` |  |
 | csi.agent.logLevel | string | `"info"` |  |
 | csi.agent.resources | object | `{}` |  |
 | csi.daemonSet.annotations | object | `{}` |  |
 | csi.daemonSet.extraLabels | object | `{}` |  |
 | csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` |  |
 | csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` |  |
 | csi.daemonSet.securityContext.container | object | `{}` |  |
 | csi.daemonSet.securityContext.pod | object | `{}` |  |
 | csi.daemonSet.updateStrategy.maxUnavailable | string | `""` |  |
 | csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` |  |
 | csi.debug | bool | `false` |  |
 | csi.enabled | bool | `false` | True if you want to install a secrets-store-csi-driver-provider-vault daemonset.  Requires installing the secrets-store-csi-driver separately, see: https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver  With the driver and provider installed, you can mount OpenBao secrets into volumes similar to the OpenBao Agent injector, and you can also sync those secrets into Kubernetes secrets. |
 | csi.extraArgs | list | `[]` |  |
 | csi.hmacSecretName | string | `""` |  |
 | csi.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for csi image. if tag is "latest", set to "Always" |
 | csi.image.registry | string | `"docker.io"` | image registry to use for csi image |
 | csi.image.repository | string | `"hashicorp/vault-csi-provider"` | image repo to use for csi image |
 | csi.image.tag | string | `"1.4.0"` | image tag to use for csi image |
 | csi.livenessProbe.failureThreshold | int | `2` |  |
 | csi.livenessProbe.initialDelaySeconds | int | `5` |  |
 | csi.livenessProbe.periodSeconds | int | `5` |  |
 | csi.livenessProbe.successThreshold | int | `1` |  |
 | csi.livenessProbe.timeoutSeconds | int | `3` |  |
 | csi.pod.affinity | object | `{}` |  |
 | csi.pod.annotations | object | `{}` |  |
 | csi.pod.extraLabels | object | `{}` |  |
 | csi.pod.nodeSelector | object | `{}` |  |
 | csi.pod.tolerations | list | `[]` |  |
 | csi.priorityClassName | string | `""` |  |
 | csi.readinessProbe.failureThreshold | int | `2` |  |
 | csi.readinessProbe.initialDelaySeconds | int | `5` |  |
 | csi.readinessProbe.periodSeconds | int | `5` |  |
 | csi.readinessProbe.successThreshold | int | `1` |  |
 | csi.readinessProbe.timeoutSeconds | int | `3` |  |
 | csi.resources | object | `{}` |  |
 | csi.serviceAccount.annotations | object | `{}` |  |
 | csi.serviceAccount.extraLabels | object | `{}` |  |
 | csi.volumeMounts | list | `[]` | volumeMounts is a list of volumeMounts for the main server container. These are rendered via toYaml rather than pre-processed like the extraVolumes value. The purpose is to make it easy to share volumes between containers. |
 | csi.volumes | list | `[]` | volumes is a list of volumes made available to all containers. These are rendered via toYaml rather than pre-processed like the extraVolumes value. The purpose is to make it easy to share volumes between containers. |
 | global.enabled | bool | `true` | enabled is the master enabled switch. Setting this to true or false will enable or disable all the components within this chart by default. |
 | global.externalVaultAddr | string | `""` | External openbao server address for the injector and CSI provider to use. Setting this will disable deployment of a openbao server. |
 | global.imagePullSecrets | list | `[]` | Image pull secret to use for registry authentication. Alternatively, the value may be specified as an array of strings. |
 | global.namespace | string | `""` | The namespace to deploy to. Defaults to the `helm` installation namespace. |
 | global.openshift | bool | `false` | If deploying to OpenShift |
 | global.psp | object | `{"annotations":"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName:  runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName:  runtime/default\n","enable":false}` | Create PodSecurityPolicy for pods |
 | global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName:  runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName:  runtime/default\n"` | Annotation for PodSecurityPolicy. This is a multi-line templated string map, and can also be set as YAML. |
 | global.serverTelemetry.prometheusOperator | bool | `false` | Enable integration with the Prometheus Operator See the top level serverTelemetry section below before enabling this feature. |
 | global.tlsDisable | bool | `true` | TLS for end-to-end encrypted transport |
 | injector.affinity | string | `"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ template \"openbao.name\" . }}-agent-injector\n          app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n          component: webhook\n      topologyKey: kubernetes.io/hostname\n"` |  |
 | injector.agentDefaults.cpuLimit | string | `"500m"` |  |
 | injector.agentDefaults.cpuRequest | string | `"250m"` |  |
 | injector.agentDefaults.memLimit | string | `"128Mi"` |  |
 | injector.agentDefaults.memRequest | string | `"64Mi"` |  |
 | injector.agentDefaults.template | string | `"map"` |  |
 | injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` |  |
 | injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` |  |
 | injector.agentImage | object | `{"pullPolicy":"IfNotPresent","registry":"quay.io","repository":"openbao/openbao","tag":"2.0.2"}` | agentImage sets the repo and tag of the OpenBao image to use for the OpenBao Agent containers.  This should be set to the official OpenBao image.  OpenBao 1.3.1+ is required. |
 | injector.agentImage.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for agent image. if tag is "latest", set to "Always" |
 | injector.agentImage.registry | string | `"quay.io"` | image registry to use for agent image |
 | injector.agentImage.repository | string | `"openbao/openbao"` | image repo to use for agent image |
 | injector.agentImage.tag | string | `"2.0.2"` | image tag to use for agent image |
 | injector.annotations | object | `{}` |  |
 | injector.authPath | string | `"auth/kubernetes"` |  |
 | injector.certs.caBundle | string | `""` |  |
 | injector.certs.certName | string | `"tls.crt"` |  |
 | injector.certs.keyName | string | `"tls.key"` |  |
 | injector.certs.secretName | string | `nil` |  |
 | injector.enabled | string | `"-"` | True if you want to enable openbao agent injection. @default: global.enabled |
 | injector.externalVaultAddr | string | `""` | Deprecated: Please use global.externalVaultAddr instead. |
 | injector.extraEnvironmentVars | object | `{}` |  |
 | injector.extraLabels | object | `{}` |  |
 | injector.failurePolicy | string | `"Ignore"` |  |
 | injector.hostNetwork | bool | `false` |  |
 | injector.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for k8s image. if tag is "latest", set to "Always" |
 | injector.image.registry | string | `"docker.io"` | image registry to use for k8s image |
 | injector.image.repository | string | `"hashicorp/vault-k8s"` | image repo to use for k8s image |
 | injector.image.tag | string | `"1.4.2"` | image tag to use for k8s image |
 | injector.leaderElector | object | `{"enabled":true}` | If multiple replicas are specified, by default a leader will be determined so that only one injector attempts to create TLS certificates. |
 | injector.livenessProbe.failureThreshold | int | `2` | When a probe fails, Kubernetes will try failureThreshold times before giving up |
 | injector.livenessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before probe initiates |
 | injector.livenessProbe.periodSeconds | int | `2` | How often (in seconds) to perform the probe |
 | injector.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed |
 | injector.livenessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
 | injector.logFormat | string | `"standard"` | Configures the log format of the injector. Supported log formats: "standard", "json". |
 | injector.logLevel | string | `"info"` | Configures the log verbosity of the injector. Supported log levels include: trace, debug, info, warn, error |
 | injector.metrics | object | `{"enabled":false}` | If true, will enable a node exporter metrics endpoint at /metrics. |
 | injector.namespaceSelector | object | `{}` |  |
 | injector.nodeSelector | object | `{}` |  |
 | injector.objectSelector | object | `{}` |  |
 | injector.podDisruptionBudget | object | `{}` |  |
 | injector.port | int | `8080` | Configures the port the injector should listen on |
 | injector.priorityClassName | string | `""` |  |
 | injector.readinessProbe.failureThreshold | int | `2` | When a probe fails, Kubernetes will try failureThreshold times before giving up |
 | injector.readinessProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before probe initiates |
 | injector.readinessProbe.periodSeconds | int | `2` | How often (in seconds) to perform the probe |
 | injector.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed |
 | injector.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
 | injector.replicas | int | `1` |  |
 | injector.resources | object | `{}` |  |
 | injector.revokeOnShutdown | bool | `false` |  |
 | injector.securityContext.container | object | `{}` |  |
 | injector.securityContext.pod | object | `{}` |  |
 | injector.service.annotations | object | `{}` |  |
 | injector.serviceAccount.annotations | object | `{}` |  |
 | injector.startupProbe.failureThreshold | int | `12` | When a probe fails, Kubernetes will try failureThreshold times before giving up |
 | injector.startupProbe.initialDelaySeconds | int | `5` | Number of seconds after the container has started before probe initiates |
 | injector.startupProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
 | injector.startupProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed |
 | injector.startupProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
 | injector.strategy | object | `{}` |  |
 | injector.tolerations | list | `[]` |  |
 | injector.topologySpreadConstraints | list | `[]` |  |
 | injector.webhook.annotations | object | `{}` |  |
 | injector.webhook.failurePolicy | string | `"Ignore"` |  |
 | injector.webhook.matchPolicy | string | `"Exact"` |  |
 | injector.webhook.namespaceSelector | object | `{}` |  |
 | injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n  operator: NotIn\n  values:\n  - {{ template \"openbao.name\" . }}-agent-injector\n"` |  |
 | injector.webhook.timeoutSeconds | int | `30` |  |
 | injector.webhookAnnotations | object | `{}` |  |
 | server.affinity | string | `"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ template \"openbao.name\" . }}\n          app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n          component: server\n      topologyKey: kubernetes.io/hostname\n"` |  |
 | server.annotations | object | `{}` |  |
 | server.auditStorage.accessMode | string | `"ReadWriteOnce"` |  |
 | server.auditStorage.annotations | object | `{}` |  |
 | server.auditStorage.enabled | bool | `false` |  |
 | server.auditStorage.labels | object | `{}` |  |
 | server.auditStorage.mountPath | string | `"/openbao/audit"` |  |
 | server.auditStorage.size | string | `"10Gi"` |  |
 | server.auditStorage.storageClass | string | `nil` |  |
 | server.authDelegator.enabled | bool | `true` |  |
 | server.configAnnotation | bool | `false` |  |
 | server.dataStorage.accessMode | string | `"ReadWriteOnce"` |  |
 | server.dataStorage.annotations | object | `{}` |  |
 | server.dataStorage.enabled | bool | `true` |  |
 | server.dataStorage.labels | object | `{}` |  |
 | server.dataStorage.mountPath | string | `"/openbao/data"` |  |
 | server.dataStorage.size | string | `"10Gi"` |  |
 | server.dataStorage.storageClass | string | `nil` |  |
 | server.dev.devRootToken | string | `"root"` |  |
 | server.dev.enabled | bool | `false` |  |
 | server.enabled | string | `"-"` |  |
 | server.extraArgs | string | `""` | extraArgs is a string containing additional OpenBao server arguments. |
 | server.extraContainers | string | `nil` |  |
 | server.extraEnvironmentVars | object | `{}` |  |
 | server.extraInitContainers | list | `[]` | extraInitContainers is a list of init containers. Specified as a YAML list. This is useful if you need to run a script to provision TLS certificates or write out configuration files in a dynamic way. |
 | server.extraLabels | object | `{}` |  |
 | server.extraPorts | list | `[]` | extraPorts is a list of extra ports. Specified as a YAML list. This is useful if you need to add additional ports to the statefulset in dynamic way. |
 | server.extraSecretEnvironmentVars | list | `[]` |  |
 | server.extraVolumes | list | `[]` |  |
 | server.ha.apiAddr | string | `nil` |  |
 | server.ha.clusterAddr | string | `nil` |  |
 | server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n  tls_disable = 1\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n  path = \"openbao\"\n  address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n#   project     = \"openbao-helm-dev-246514\"\n#   region      = \"global\"\n#   key_ring    = \"openbao-helm-unseal-kr\"\n#   crypto_key  = \"openbao-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n#  prometheus_retention_time = \"30s\"\n#  disable_hostname = true\n#}\n"` |  |
 | server.ha.disruptionBudget.enabled | bool | `true` |  |
 | server.ha.disruptionBudget.maxUnavailable | string | `nil` |  |
 | server.ha.enabled | bool | `false` |  |
 | server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n  tls_disable = 1\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n  # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n  #telemetry {\n  #  unauthenticated_metrics_access = \"true\"\n  #}\n}\n\nstorage \"raft\" {\n  path = \"/openbao/data\"\n}\n\nservice_registration \"kubernetes\" {}\n"` |  |
 | server.ha.raft.enabled | bool | `false` |  |
 | server.ha.raft.setNodeId | bool | `false` |  |
 | server.ha.replicas | int | `3` |  |
 | server.hostAliases | list | `[]` |  |
 | server.hostNetwork | bool | `false` |  |
 | server.image.pullPolicy | string | `"IfNotPresent"` | image pull policy to use for server image. if tag is "latest", set to "Always" |
 | server.image.registry | string | `"quay.io"` | image registry to use for server image |
 | server.image.repository | string | `"openbao/openbao"` | image repo to use for server image |
 | server.image.tag | string | `"2.0.2"` | image tag to use for server image |
 | server.ingress.activeService | bool | `true` |  |
 | server.ingress.annotations | object | `{}` |  |
 | server.ingress.enabled | bool | `false` |  |
 | server.ingress.extraPaths | list | `[]` |  |
 | server.ingress.hosts[0].host | string | `"chart-example.local"` |  |
 | server.ingress.hosts[0].paths | list | `[]` |  |
 | server.ingress.ingressClassName | string | `""` |  |
 | server.ingress.labels | object | `{}` |  |
 | server.ingress.pathType | string | `"Prefix"` |  |
 | server.ingress.tls | list | `[]` |  |
 | server.livenessProbe.enabled | bool | `false` |  |
 | server.livenessProbe.execCommand | list | `[]` |  |
 | server.livenessProbe.failureThreshold | int | `2` |  |
 | server.livenessProbe.initialDelaySeconds | int | `60` |  |
 | server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` |  |
 | server.livenessProbe.periodSeconds | int | `5` |  |
 | server.livenessProbe.port | int | `8200` |  |
 | server.livenessProbe.successThreshold | int | `1` |  |
 | server.livenessProbe.timeoutSeconds | int | `3` |  |
 | server.logFormat | string | `""` |  |
 | server.logLevel | string | `""` |  |
 | server.networkPolicy.egress | list | `[]` |  |
 | server.networkPolicy.enabled | bool | `false` |  |
 | server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` |  |
 | server.networkPolicy.ingress[0].ports[0].port | int | `8200` |  |
 | server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` |  |
 | server.networkPolicy.ingress[0].ports[1].port | int | `8201` |  |
 | server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` |  |
 | server.nodeSelector | object | `{}` |  |
 | server.persistentVolumeClaimRetentionPolicy | object | `{}` |  |
 | server.postStart | list | `[]` |  |
 | server.preStopSleepSeconds | int | `5` |  |
 | server.priorityClassName | string | `""` |  |
 | server.readinessProbe.enabled | bool | `true` |  |
 | server.readinessProbe.failureThreshold | int | `2` |  |
 | server.readinessProbe.initialDelaySeconds | int | `5` |  |
 | server.readinessProbe.periodSeconds | int | `5` |  |
 | server.readinessProbe.port | int | `8200` |  |
 | server.readinessProbe.successThreshold | int | `1` |  |
 | server.readinessProbe.timeoutSeconds | int | `3` |  |
 | server.resources | object | `{}` |  |
 | server.route.activeService | bool | `true` |  |
 | server.route.annotations | object | `{}` |  |
 | server.route.enabled | bool | `false` |  |
 | server.route.host | string | `"chart-example.local"` |  |
 | server.route.labels | object | `{}` |  |
 | server.route.tls.termination | string | `"passthrough"` |  |
 | server.service.active.annotations | object | `{}` |  |
 | server.service.active.enabled | bool | `true` |  |
 | server.service.annotations | object | `{}` |  |
 | server.service.enabled | bool | `true` |  |
 | server.service.externalTrafficPolicy | string | `"Cluster"` |  |
 | server.service.instanceSelector.enabled | bool | `true` |  |
 | server.service.ipFamilies | list | `[]` |  |
 | server.service.ipFamilyPolicy | string | `""` |  |
 | server.service.port | int | `8200` |  |
 | server.service.publishNotReadyAddresses | bool | `true` |  |
 | server.service.standby.annotations | object | `{}` |  |
 | server.service.standby.enabled | bool | `true` |  |
 | server.service.targetPort | int | `8200` |  |
 | server.serviceAccount.annotations | object | `{}` |  |
 | server.serviceAccount.create | bool | `true` |  |
 | server.serviceAccount.createSecret | bool | `false` |  |
 | server.serviceAccount.extraLabels | object | `{}` |  |
 | server.serviceAccount.name | string | `""` |  |
 | server.serviceAccount.serviceDiscovery.enabled | bool | `true` |  |
 | server.shareProcessNamespace | bool | `false` | shareProcessNamespace enables process namespace sharing between OpenBao and the extraContainers This is useful if OpenBao must be signaled, e.g. to send a SIGHUP for a log rotation |
 | server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n  tls_disable = 1\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n  # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n  #telemetry {\n  #  unauthenticated_metrics_access = \"true\"\n  #}\n}\nstorage \"file\" {\n  path = \"/openbao/data\"\n}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n#   project     = \"openbao-helm-dev\"\n#   region      = \"global\"\n#   key_ring    = \"openbao-helm-unseal-kr\"\n#   crypto_key  = \"openbao-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n#  prometheus_retention_time = \"30s\"\n#  disable_hostname = true\n#}\n"` |  |
 | server.standalone.enabled | string | `"-"` |  |
 | server.statefulSet.annotations | object | `{}` |  |
 | server.statefulSet.securityContext.container | object | `{}` |  |
 | server.statefulSet.securityContext.pod | object | `{}` |  |
 | server.terminationGracePeriodSeconds | int | `10` |  |
 | server.tolerations | list | `[]` |  |
 | server.topologySpreadConstraints | list | `[]` |  |
 | server.updateStrategyType | string | `"OnDelete"` |  |
 | server.volumeMounts | string | `nil` |  |
 | server.volumes | string | `nil` |  |
 | serverTelemetry.prometheusRules.enabled | bool | `false` |  |
 | serverTelemetry.prometheusRules.rules | list | `[]` |  |
 | serverTelemetry.prometheusRules.selectors | object | `{}` |  |
 | serverTelemetry.serviceMonitor.enabled | bool | `false` |  |
 | serverTelemetry.serviceMonitor.interval | string | `"30s"` |  |
 | serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` |  |
 | serverTelemetry.serviceMonitor.selectors | object | `{}` |  |
 | ui.activeOpenbaoPodOnly | bool | `false` |  |
 | ui.annotations | object | `{}` |  |
 | ui.enabled | bool | `false` |  |
 | ui.externalPort | int | `8200` |  |
 | ui.externalTrafficPolicy | string | `"Cluster"` |  |
 | ui.publishNotReadyAddresses | bool | `true` |  |
 | ui.serviceIPFamilies | list | `[]` |  |
 | ui.serviceIPFamilyPolicy | string | `""` |  |
 | ui.serviceNodePort | string | `nil` |  |
 | ui.serviceType | string | `"ClusterIP"` |  |
 | ui.targetPort | int | `8200` |  |
--- a/charts/openbao/templates/NOTES.txt
+++ b/charts/openbao/templates/NOTES.txt
@ -1,14 +0,0 @@
 Thank you for installing OpenBao!
 Now that you have deployed OpenBao, you should look over the docs on using
 OpenBao with Kubernetes available here:
 https://openbao.org/docs/
 Your release is named {{ .Release.Name }}. To learn more about the release, try:
  $ helm status {{ .Release.Name }}
  $ helm get manifest {{ .Release.Name }}
--- a/charts/openbao/templates/csi-rolebinding.yaml
+++ b/charts/openbao/templates/csi-rolebinding.yaml
@ -1,25 +0,0 @@
 {{/*
 Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
 {{- template "openbao.csiEnabled" . -}}
 {{- if .csiEnabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ template "openbao.fullname" . }}-csi-provider-rolebinding
  namespace: {{ include "openbao.namespace" . }}
  labels:
    app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "openbao.fullname" . }}-csi-provider-role
 subjects:
 - kind: ServiceAccount
  name: {{ template "openbao.fullname" . }}-csi-provider
  namespace: {{ include "openbao.namespace" . }}
 {{- end }}
--- a/charts/openbao/templates/server-config-configmap.yaml
+++ b/charts/openbao/templates/server-config-configmap.yaml
@ -1,31 +0,0 @@
 {{/*
 Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
 {{ template "openbao.mode" . }}
 {{- if ne .mode "external" }}
 {{- if .serverEnabled -}}
 {{- if ne .mode "dev" -}}
 {{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "openbao.fullname" . }}-config
  namespace: {{ include "openbao.namespace" . }}
  labels:
    helm.sh/chart: {{ include "openbao.chart" . }}
    app.kubernetes.io/name: {{ include "openbao.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- if .Values.server.includeConfigAnnotation }}
  annotations:
    vault.hashicorp.com/config-checksum: {{ include "openbao.config" . | sha256sum }}
 {{- end }}
 data:
  extraconfig-from-values.hcl: |-
    {{ template "openbao.config" . }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/server-serviceaccount-secret.yaml
+++ b/charts/openbao/templates/server-serviceaccount-secret.yaml
@ -1,21 +0,0 @@
 {{/*
 Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
 {{ template "openbao.serverServiceAccountSecretCreationEnabled" . }}
 {{- if .serverServiceAccountSecretCreationEnabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ template "openbao.serviceAccount.name" . }}-token
  namespace: {{ include "openbao.namespace" . }}
  annotations:
    kubernetes.io/service-account.name: {{ template "openbao.serviceAccount.name" . }}
  labels:
    helm.sh/chart: {{ include "openbao.chart" . }}
    app.kubernetes.io/name: {{ include "openbao.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 type: kubernetes.io/service-account-token
 {{ end }}
--- a/templates/NOTES.txt
+++ b/templates/NOTES.txt
@ -0,0 +1,14 @@
 Thank you for installing HashiCorp Vault!
 Now that you have deployed Vault, you should look over the docs on using
 Vault with Kubernetes available here:
 https://developer.hashicorp.com/vault/docs
 Your release is named {{ .Release.Name }}. To learn more about the release, try:
  $ helm status {{ .Release.Name }}
  $ helm get manifest {{ .Release.Name }}
--- a/charts/openbao/templates/_helpers.tpl
+++ b/charts/openbao/templates/_helpers.tpl
@ -9,7 +9,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to
 this (by the DNS naming spec). If release name contains chart name it will
 be used as a full name.
 */}}
-{{- define "openbao.fullname" -}}
+{{- define "vault.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@ -25,28 +25,28 @@ be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "openbao.chart" -}}
+{{- define "vault.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "openbao.name" -}}
+{{- define "vault.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Allow the release namespace to be overridden
 */}}
-{{- define "openbao.namespace" -}}
+{{- define "vault.namespace" -}}
 {{- default .Release.Namespace .Values.global.namespace -}}
 {{- end -}}
 {{/*
 Compute if the csi driver is enabled.
 */}}
-{{- define "openbao.csiEnabled" -}}
+{{- define "vault.csiEnabled" -}}
 {{- $_ := set . "csiEnabled" (or
  (eq (.Values.csi.enabled | toString) "true")
  (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
@ -55,7 +55,7 @@ Compute if the csi driver is enabled.
 {{/*
 Compute if the injector is enabled.
 */}}
-{{- define "openbao.injectorEnabled" -}}
+{{- define "vault.injectorEnabled" -}}
 {{- $_ := set . "injectorEnabled" (or
  (eq (.Values.injector.enabled | toString) "true")
  (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
@ -64,7 +64,7 @@ Compute if the injector is enabled.
 {{/*
 Compute if the server is enabled.
 */}}
-{{- define "openbao.serverEnabled" -}}
+{{- define "vault.serverEnabled" -}}
 {{- $_ := set . "serverEnabled" (or
  (eq (.Values.server.enabled | toString) "true")
  (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
@ -73,7 +73,7 @@ Compute if the server is enabled.
 {{/*
 Compute if the server serviceaccount is enabled.
 */}}
-{{- define "openbao.serverServiceAccountEnabled" -}}
+{{- define "vault.serverServiceAccountEnabled" -}}
 {{- $_ := set . "serverServiceAccountEnabled"
  (and
    (eq (.Values.server.serviceAccount.create | toString) "true" )
@ -85,7 +85,7 @@ Compute if the server serviceaccount is enabled.
 {{/*
 Compute if the server serviceaccount should have a token created and mounted to the serviceaccount.
 */}}
-{{- define "openbao.serverServiceAccountSecretCreationEnabled" -}}
+{{- define "vault.serverServiceAccountSecretCreationEnabled" -}}
 {{- $_ := set . "serverServiceAccountSecretCreationEnabled"
  (and
    (eq (.Values.server.serviceAccount.create | toString) "true")
@ -96,7 +96,7 @@ Compute if the server serviceaccount should have a token created and mounted to
 {{/*
 Compute if the server auth delegator serviceaccount is enabled.
 */}}
-{{- define "openbao.serverAuthDelegator" -}}
+{{- define "vault.serverAuthDelegator" -}}
 {{- $_ := set . "serverAuthDelegator"
  (and
    (eq (.Values.server.authDelegator.enabled | toString) "true" )
@ -110,15 +110,15 @@ Compute if the server auth delegator serviceaccount is enabled.
 {{/*
 Compute if the server service is enabled.
 */}}
-{{- define "openbao.serverServiceEnabled" -}}
+{{- define "vault.serverServiceEnabled" -}}
-{{- template "openbao.serverEnabled" . -}}
+{{- template "vault.serverEnabled" . -}}
 {{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
 {{- end -}}
 {{/*
 Compute if the ui is enabled.
 */}}
-{{- define "openbao.uiEnabled" -}}
+{{- define "vault.uiEnabled" -}}
 {{- $_ := set . "uiEnabled" (or
  (eq (.Values.ui.enabled | toString) "true")
  (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
@ -129,7 +129,7 @@ Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
 This defaults to (n/2)-1 where n is the number of members of the server cluster.
 Add a special case for replicas=1, where it should default to 0 as well.
 */}}
-{{- define "openbao.pdb.maxUnavailable" -}}
+{{- define "vault.pdb.maxUnavailable" -}}
 {{- if eq (int .Values.server.ha.replicas) 1 -}}
 {{ 0 }}
 {{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
@ -143,8 +143,8 @@ Add a special case for replicas=1, where it should default to 0 as well.
 Set the variable 'mode' to the server mode requested by the user to simplify
 template logic.
 */}}
-{{- define "openbao.mode" -}}
+{{- define "vault.mode" -}}
-  {{- template "openbao.serverEnabled" . -}}
+  {{- template "vault.serverEnabled" . -}}
  {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
    {{- $_ := set . "mode" "external" -}}
  {{- else if not .serverEnabled -}}
@ -163,7 +163,7 @@ template logic.
 {{/*
 Set's the replica count based on the different modes configured by user
 */}}
-{{- define "openbao.replicas" -}}
+{{- define "vault.replicas" -}}
  {{ if eq .mode "standalone" }}
    {{- default 1 -}}
  {{ else if eq .mode "ha" }}
@ -182,11 +182,11 @@ Set's up configmap mounts if this isn't a dev deployment and the user
 defined a custom configuration.  Additionally iterates over any
 extra volumes the user may have specified (such as a secret with TLS).
 */}}
-{{- define "openbao.volumes" -}}
+{{- define "vault.volumes" -}}
  {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
        - name: config
          configMap:
-            name: {{ template "openbao.fullname" . }}-config
+            name: {{ template "vault.fullname" . }}-config
  {{ end }}
  {{- range .Values.server.extraVolumes }}
        - name: userconfig-{{ .name }}
@ -201,34 +201,40 @@ extra volumes the user may have specified (such as a secret with TLS).
  {{- if .Values.server.volumes }}
    {{- toYaml .Values.server.volumes | nindent 8}}
  {{- end }}
  {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
        - name: vault-license
          secret:
            secretName: {{ .Values.server.enterpriseLicense.secretName }}
            defaultMode: 0440
  {{- end }}
 {{- end -}}
 {{/*
-Set's the args for custom command to render the OpenBao configuration
+Set's the args for custom command to render the Vault configuration
 file with IP addresses to make the out of box experience easier
 for users looking to use this chart with Consul Helm.
 */}}
-{{- define "openbao.args" -}}
+{{- define "vault.args" -}}
  {{ if or (eq .mode "standalone") (eq .mode "ha") }}
          - |
-            cp /openbao/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+            cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
            [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
            [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
            [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
            [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
            [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
            [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
-            /usr/local/bin/docker-entrypoint.sh bao server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+            /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
   {{ else if eq .mode "dev" }}
          - |
-            /usr/local/bin/docker-entrypoint.sh bao server -dev {{ .Values.server.extraArgs }}
+            /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
  {{ end }}
 {{- end -}}
 {{/*
 Set's additional environment variables based on the mode.
 */}}
-{{- define "openbao.envs" -}}
+{{- define "vault.envs" -}}
  {{ if eq .mode "dev" }}
            - name: VAULT_DEV_ROOT_TOKEN_ID
              value: {{ .Values.server.dev.devRootToken }}
@ -241,7 +247,7 @@ Set's additional environment variables based on the mode.
 Set's which additional volumes should be mounted to the container
 based on the mode configured.
 */}}
-{{- define "openbao.mounts" -}}
+{{- define "vault.mounts" -}}
  {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
            - name: audit
              mountPath: {{ .Values.server.auditStorage.mountPath }}
@ -254,16 +260,21 @@ based on the mode configured.
  {{ end }}
  {{ if and (ne .mode "dev") (or (.Values.server.standalone.config)  (.Values.server.ha.config)) }}
            - name: config
-              mountPath: /openbao/config
+              mountPath: /vault/config
  {{ end }}
  {{- range .Values.server.extraVolumes }}
            - name: userconfig-{{ .name }}
              readOnly: true
-              mountPath: {{ .path | default "/openbao/userconfig" }}/{{ .name }}
+              mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
  {{- end }}
  {{- if .Values.server.volumeMounts }}
    {{- toYaml .Values.server.volumeMounts | nindent 12}}
  {{- end }}
  {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
            - name: vault-license
              mountPath: /vault/license
              readOnly: true
  {{- end }}
 {{- end -}}
 {{/*
@ -271,14 +282,13 @@ Set's up the volumeClaimTemplates when data or audit storage is required.  HA
 might not use data storage since Consul is likely it's backend, however, audit
 storage might be desired by the user.
 */}}
-{{- define "openbao.volumeclaims" -}}
+{{- define "vault.volumeclaims" -}}
  {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
  volumeClaimTemplates:
      {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
    - metadata:
        name: data
-        {{- include "openbao.dataVolumeClaim.annotations" . | nindent 6 }}
+        {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
        {{- include "openbao.dataVolumeClaim.labels" . | nindent 6 }}
      spec:
        accessModes:
          - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
@ -292,8 +302,7 @@ storage might be desired by the user.
      {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
    - metadata:
        name: audit
-        {{- include "openbao.auditVolumeClaim.annotations" . | nindent 6 }}
+        {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
        {{- include "openbao.auditVolumeClaim.labels" . | nindent 6 }}
      spec:
        accessModes:
          - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
@ -310,7 +319,7 @@ storage might be desired by the user.
 {{/*
 Set's the affinity for pod placement when running in standalone and HA modes.
 */}}
-{{- define "openbao.affinity" -}}
+{{- define "vault.affinity" -}}
  {{- if and (ne .mode "dev") .Values.server.affinity }}
      affinity:
        {{ $tp := typeOf .Values.server.affinity }}
@ -340,7 +349,7 @@ Sets the injector affinity for pod placement
 {{/*
 Sets the topologySpreadConstraints when running in standalone and HA modes.
 */}}
-{{- define "openbao.topologySpreadConstraints" -}}
+{{- define "vault.topologySpreadConstraints" -}}
  {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
@ -371,7 +380,7 @@ Sets the injector topologySpreadConstraints for pod placement
 {{/*
 Sets the toleration for pod placement when running in standalone and HA modes.
 */}}
-{{- define "openbao.tolerations" -}}
+{{- define "vault.tolerations" -}}
  {{- if and (ne .mode "dev") .Values.server.tolerations }}
      tolerations:
      {{- $tp := typeOf .Values.server.tolerations }}
@ -401,7 +410,7 @@ Sets the injector toleration for pod placement
 {{/*
 Set's the node selector for pod placement when running in standalone and HA modes.
 */}}
-{{- define "openbao.nodeselector" -}}
+{{- define "vault.nodeselector" -}}
  {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
      nodeSelector:
      {{- $tp := typeOf .Values.server.nodeSelector }}
@ -446,12 +455,9 @@ Sets the injector deployment update strategy
 {{/*
 Sets extra pod annotations
 */}}
-{{- define "openbao.annotations" }}
+{{- define "vault.annotations" -}}
      annotations:
  {{- if .Values.server.includeConfigAnnotation }}
        openbao.hashicorp.com/config-checksum: {{ include "openbao.config" . | sha256sum }}
  {{- end }}
  {{- if .Values.server.annotations }}
      annotations:
        {{- $tp := typeOf .Values.server.annotations }}
        {{- if eq $tp "string" }}
          {{- tpl .Values.server.annotations . | nindent 8 }}
@ -555,7 +561,7 @@ securityContext for the statefulset pod template.
 {{- end -}}
 {{/*
-securityContext for the statefulset openbao container
+securityContext for the statefulset vault container
 */}}
 {{- define "server.statefulSet.securityContext.container" -}}
  {{- if .Values.server.statefulSet.securityContext.container }}
@ -622,7 +628,7 @@ Set's the injector webhook objectSelector
 {{/*
 Sets extra ui service annotations
 */}}
-{{- define "openbao.ui.annotations" -}}
+{{- define "vault.ui.annotations" -}}
  {{- if .Values.ui.annotations }}
  annotations:
    {{- $tp := typeOf .Values.ui.annotations }}
@ -637,9 +643,9 @@ Sets extra ui service annotations
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "openbao.serviceAccount.name" -}}
+{{- define "vault.serviceAccount.name" -}}
 {{- if .Values.server.serviceAccount.create -}}
-    {{ default (include "openbao.fullname" .) .Values.server.serviceAccount.name }}
+    {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
 {{- else -}}
    {{ default "default" .Values.server.serviceAccount.name }}
 {{- end -}}
@ -648,7 +654,7 @@ Create the name of the service account to use
 {{/*
 Sets extra service account annotations
 */}}
-{{- define "openbao.serviceAccount.annotations" -}}
+{{- define "vault.serviceAccount.annotations" -}}
  {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
  annotations:
    {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
@ -663,7 +669,7 @@ Sets extra service account annotations
 {{/*
 Sets extra ingress annotations
 */}}
-{{- define "openbao.ingress.annotations" -}}
+{{- define "vault.ingress.annotations" -}}
  {{- if .Values.server.ingress.annotations }}
  annotations:
    {{- $tp := typeOf .Values.server.ingress.annotations }}
@ -678,7 +684,7 @@ Sets extra ingress annotations
 {{/*
 Sets extra route annotations
 */}}
-{{- define "openbao.route.annotations" -}}
+{{- define "vault.route.annotations" -}}
  {{- if .Values.server.route.annotations }}
  annotations:
    {{- $tp := typeOf .Values.server.route.annotations }}
@ -691,9 +697,9 @@ Sets extra route annotations
 {{- end -}}
 {{/*
-Sets extra openbao server Service annotations
+Sets extra vault server Service annotations
 */}}
-{{- define "openbao.service.annotations" -}}
+{{- define "vault.service.annotations" -}}
  {{- if .Values.server.service.annotations }}
    {{- $tp := typeOf .Values.server.service.annotations }}
    {{- if eq $tp "string" }}
@ -705,9 +711,9 @@ Sets extra openbao server Service annotations
 {{- end -}}
 {{/*
-Sets extra openbao server Service (active) annotations
+Sets extra vault server Service (active) annotations
 */}}
-{{- define "openbao.service.active.annotations" -}}
+{{- define "vault.service.active.annotations" -}}
  {{- if .Values.server.service.active.annotations }}
    {{- $tp := typeOf .Values.server.service.active.annotations }}
    {{- if eq $tp "string" }}
@ -718,9 +724,9 @@ Sets extra openbao server Service (active) annotations
  {{- end }}
 {{- end -}}
 {{/*
-Sets extra openbao server Service annotations
+Sets extra vault server Service annotations
 */}}
-{{- define "openbao.service.standby.annotations" -}}
+{{- define "vault.service.standby.annotations" -}}
  {{- if .Values.server.service.standby.annotations }}
    {{- $tp := typeOf .Values.server.service.standby.annotations }}
    {{- if eq $tp "string" }}
@ -734,7 +740,7 @@ Sets extra openbao server Service annotations
 {{/*
 Sets PodSecurityPolicy annotations
 */}}
-{{- define "openbao.psp.annotations" -}}
+{{- define "vault.psp.annotations" -}}
  {{- if .Values.global.psp.annotations }}
  annotations:
    {{- $tp := typeOf .Values.global.psp.annotations }}
@ -749,7 +755,7 @@ Sets PodSecurityPolicy annotations
 {{/*
 Sets extra statefulset annotations
 */}}
-{{- define "openbao.statefulSet.annotations" -}}
+{{- define "vault.statefulSet.annotations" -}}
  {{- if .Values.server.statefulSet.annotations }}
  annotations:
    {{- $tp := typeOf .Values.server.statefulSet.annotations }}
@ -764,7 +770,7 @@ Sets extra statefulset annotations
 {{/*
 Sets VolumeClaim annotations for data volume
 */}}
-{{- define "openbao.dataVolumeClaim.annotations" -}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
  {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
  annotations:
    {{- $tp := typeOf .Values.server.dataStorage.annotations }}
@ -776,25 +782,10 @@ Sets VolumeClaim annotations for data volume
  {{- end }}
 {{- end -}}
 {{/*
 Sets VolumeClaim labels for data volume
 */}}
 {{- define "openbao.dataVolumeClaim.labels" -}}
  {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.labels) }}
  labels:
    {{- $tp := typeOf .Values.server.dataStorage.labels }}
    {{- if eq $tp "string" }}
      {{- tpl .Values.server.dataStorage.labels . | nindent 4 }}
    {{- else }}
      {{- toYaml .Values.server.dataStorage.labels | nindent 4 }}
    {{- end }}
  {{- end }}
 {{- end -}}
 {{/*
 Sets VolumeClaim annotations for audit volume
 */}}
-{{- define "openbao.auditVolumeClaim.annotations" -}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
  {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
  annotations:
    {{- $tp := typeOf .Values.server.auditStorage.annotations }}
@ -806,25 +797,10 @@ Sets VolumeClaim annotations for audit volume
  {{- end }}
 {{- end -}}
 {{/*
 Sets VolumeClaim labels for audit volume
 */}}
 {{- define "openbao.auditVolumeClaim.labels" -}}
  {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.labels) }}
  labels:
    {{- $tp := typeOf .Values.server.auditStorage.labels }}
    {{- if eq $tp "string" }}
      {{- tpl .Values.server.auditStorage.labels . | nindent 4 }}
    {{- else }}
      {{- toYaml .Values.server.auditStorage.labels | nindent 4 }}
    {{- end }}
  {{- end }}
 {{- end -}}
 {{/*
 Set's the container resources if the user has set any.
 */}}
-{{- define "openbao.resources" -}}
+{{- define "vault.resources" -}}
  {{- if .Values.server.resources -}}
          resources:
 {{ toYaml .Values.server.resources | indent 12}}
@ -983,7 +959,7 @@ Sets extra CSI service account annotations
 {{/*
 Inject extra environment vars in the format key:value, if populated
 */}}
-{{- define "openbao.extraEnvironmentVars" -}}
+{{- define "vault.extraEnvironmentVars" -}}
 {{- if .extraEnvironmentVars -}}
 {{- range $key, $value := .extraEnvironmentVars }}
 - name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
@ -995,7 +971,7 @@ Inject extra environment vars in the format key:value, if populated
 {{/*
 Inject extra environment populated by secrets, if populated
 */}}
-{{- define "openbao.extraSecretEnvironmentVars" -}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
 {{- if .extraSecretEnvironmentVars -}}
 {{- range .extraSecretEnvironmentVars }}
 - name: {{ .envName }}
@ -1008,7 +984,7 @@ Inject extra environment populated by secrets, if populated
 {{- end -}}
 {{/* Scheme for health check and local endpoint */}}
-{{- define "openbao.scheme" -}}
+{{- define "vault.scheme" -}}
 {{- if .Values.global.tlsDisable -}}
 {{ "http" }}
 {{- else -}}
@ -1067,28 +1043,3 @@ Supported inputs are Values.ui
 {{- end -}}
 {{- end }}
 {{- end -}}
 {{/*
 config file from values
 */}}
 {{- define "openbao.config" -}}
  {{- if or (eq .mode "ha") (eq .mode "standalone") }}
  {{- $type := typeOf (index .Values.server .mode).config }}
  {{- if eq $type "string" }}
    disable_mlock = true
  {{- if eq .mode "standalone" }}
    {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
  {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
    {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
  {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
    {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
  {{ end }}
  {{- else }}
  {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
 {{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
  {{- else }}
 {{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
  {{- end }}
  {{- end }}
  {{- end }}
 {{- end -}}
--- a/charts/openbao/templates/csi-agent-configmap.yaml
+++ b/charts/openbao/templates/csi-agent-configmap.yaml
@ -3,16 +3,16 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.csiEnabled" . -}}
+{{- template "vault.csiEnabled" . -}}
 {{- if and (.csiEnabled) (eq (.Values.csi.agent.enabled | toString) "true") -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "openbao.fullname" . }}-csi-provider-agent-config
+  name: {{ template "vault.fullname" . }}-csi-provider-agent-config
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
+    app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
@ -21,7 +21,7 @@ data:
        {{- if .Values.global.externalVaultAddr }}
        "address" = "{{ .Values.global.externalVaultAddr }}"
        {{- else }}
-        "address" = "{{ include "openbao.scheme" . }}://{{ template "openbao.fullname" . }}.{{ include "openbao.namespace" . }}.svc:{{ .Values.server.service.port }}"
+        "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}"
        {{- end }}
    }
--- a/charts/openbao/templates/csi-clusterrole.yaml
+++ b/charts/openbao/templates/csi-clusterrole.yaml
@ -3,14 +3,14 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.csiEnabled" . -}}
+{{- template "vault.csiEnabled" . -}}
 {{- if .csiEnabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ template "openbao.fullname" . }}-csi-provider-clusterrole
+  name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
+    app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 rules:
--- a/charts/openbao/templates/csi-clusterrolebinding.yaml
+++ b/charts/openbao/templates/csi-clusterrolebinding.yaml
@ -3,22 +3,22 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.csiEnabled" . -}}
+{{- template "vault.csiEnabled" . -}}
 {{- if .csiEnabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "openbao.fullname" . }}-csi-provider-clusterrolebinding
+  name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
+    app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ template "openbao.fullname" . }}-csi-provider-clusterrole
+  name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
 subjects:
 - kind: ServiceAccount
-  name: {{ template "openbao.fullname" . }}-csi-provider
+  name: {{ template "vault.fullname" . }}-csi-provider
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
 {{- end }}
--- a/charts/openbao/templates/csi-daemonset.yaml
+++ b/charts/openbao/templates/csi-daemonset.yaml
@ -3,15 +3,15 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.csiEnabled" . -}}
+{{- template "vault.csiEnabled" . -}}
 {{- if .csiEnabled -}}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: {{ template "openbao.fullname" . }}-csi-provider
+  name: {{ template "vault.fullname" . }}-csi-provider
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
+    app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- if  .Values.csi.daemonSet.extraLabels -}}
@ -27,12 +27,12 @@ spec:
    {{- end }}
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
+      app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
-        app.kubernetes.io/name: {{ template "openbao.name" . }}-csi-provider
+        app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
        app.kubernetes.io/instance: {{ .Release.Name }}
        {{- if  .Values.csi.pod.extraLabels -}}
          {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
@ -43,15 +43,15 @@ spec:
      {{- if .Values.csi.priorityClassName }}
      priorityClassName: {{ .Values.csi.priorityClassName }}
      {{- end }}
-      serviceAccountName: {{ template "openbao.fullname" . }}-csi-provider
+      serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
      {{- template "csi.pod.tolerations" . }}
      {{- template "csi.pod.nodeselector" . }}
      {{- template "csi.pod.affinity" . }}
      containers:
-        - name: {{ include "openbao.name" . }}-csi-provider
+        - name: {{ include "vault.name" . }}-csi-provider
          {{ template "csi.resources" . }}
          {{ template "csi.daemonSet.securityContext.container" . }}
-          image: "{{ .Values.csi.image.registry | default "docker.io" }}/{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+          image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
          imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
          args:
            - --endpoint=/provider/vault.sock
@ -59,7 +59,7 @@ spec:
            {{- if .Values.csi.hmacSecretName }}
            - --hmac-secret-name={{ .Values.csi.hmacSecretName }}
            {{- else }}
-            - --hmac-secret-name={{- include "openbao.name" . }}-csi-provider-hmac-key
+            - --hmac-secret-name={{- include "vault.name" . }}-csi-provider-hmac-key
            {{- end }}
            {{- if .Values.csi.extraArgs }}
            {{- toYaml .Values.csi.extraArgs | nindent 12 }}
@ -71,7 +71,7 @@ spec:
            {{- else if .Values.global.externalVaultAddr }}
              value: "{{ .Values.global.externalVaultAddr }}"
            {{- else }}
-              value: {{ include "openbao.scheme" . }}://{{ template "openbao.fullname" . }}.{{ include "openbao.namespace" . }}.svc:{{ .Values.server.service.port }}
+              value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
            {{- end }}
          volumeMounts:
            - name: providervol
@ -102,12 +102,12 @@ spec:
            successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
        {{- if eq (.Values.csi.agent.enabled | toString) "true" }}
-        - name: {{ include "openbao.name" . }}-agent
+        - name: {{ include "vault.name" . }}-agent
-          image: "{{ .Values.csi.agent.image.registry | default "docker.io" }}/{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}"
+          image: "{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}"
          imagePullPolicy: {{ .Values.csi.agent.image.pullPolicy }}
          {{ template "csi.agent.resources" . }}
          command:
-            - bao
+            - vault
          args:
            - agent
            - -config=/etc/vault/config.hcl
@ -117,9 +117,9 @@ spec:
          ports:
            - containerPort: 8200
          env:
-            - name: BAO_LOG_LEVEL
+            - name: VAULT_LOG_LEVEL
              value: "{{ .Values.csi.agent.logLevel }}"
-            - name: BAO_LOG_FORMAT
+            - name: VAULT_LOG_FORMAT
              value: "{{ .Values.csi.agent.logFormat }}"
          securityContext:
            runAsNonRoot: true
@ -145,7 +145,7 @@ spec:
        {{- if eq (.Values.csi.agent.enabled | toString) "true" }}
        - name: agent-config
          configMap:
-            name: {{ template "openbao.fullname" . }}-csi-provider-agent-config
+            name: {{ template "vault.fullname" . }}-csi-provider-agent-config
        - name: agent-unix-socket
          emptyDir:
            medium: Memory
--- a/charts/openbao/templates/csi-role.yaml
+++ b/charts/openbao/templates/csi-role.yaml
@ -3,15 +3,15 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.csiEnabled" . -}}
+{{- template "vault.csiEnabled" . -}}
 {{- if .csiEnabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "openbao.fullname" . }}-csi-provider-role
+  name: {{ template "vault.fullname" . }}-csi-provider-role
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
+    app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 rules:
@ -22,7 +22,7 @@ rules:
    {{- if .Values.csi.hmacSecretName }}
    - {{ .Values.csi.hmacSecretName }}
    {{- else }}
-    - {{ include "openbao.name" . }}-csi-provider-hmac-key
+    - {{ include "vault.name" . }}-csi-provider-hmac-key
    {{- end }}
 # 'create' permissions cannot be restricted by resource name:
 # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
--- a/templates/csi-rolebinding.yaml
+++ b/templates/csi-rolebinding.yaml
@ -0,0 +1,25 @@
 {{/*
 Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
 {{- template "vault.csiEnabled" . -}}
 {{- if .csiEnabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ template "vault.fullname" . }}-csi-provider-rolebinding
  namespace: {{ include "vault.namespace" . }}
  labels:
    app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "vault.fullname" . }}-csi-provider-role
 subjects:
 - kind: ServiceAccount
  name: {{ template "vault.fullname" . }}-csi-provider
  namespace: {{ include "vault.namespace" . }}
 {{- end }}
--- a/charts/openbao/templates/csi-serviceaccount.yaml
+++ b/charts/openbao/templates/csi-serviceaccount.yaml
@ -3,15 +3,15 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.csiEnabled" . -}}
+{{- template "vault.csiEnabled" . -}}
 {{- if .csiEnabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "openbao.fullname" . }}-csi-provider
+  name: {{ template "vault.fullname" . }}-csi-provider
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-csi-provider
+    app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- if  .Values.csi.serviceAccount.extraLabels -}}
--- a/charts/openbao/templates/injector-certs-secret.yaml
+++ b/charts/openbao/templates/injector-certs-secret.yaml
@ -3,16 +3,16 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: openbao-injector-certs
+  name: vault-injector-certs
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
--- a/charts/openbao/templates/injector-clusterrole.yaml
+++ b/charts/openbao/templates/injector-clusterrole.yaml
@ -3,14 +3,14 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-clusterrole
+  name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 rules:
@ -21,10 +21,4 @@ rules:
    - "list"
    - "watch"
    - "patch"
 {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
 - apiGroups: [""]
  resources: ["nodes"]
  verbs:
    - "get"
 {{ end }}
 {{ end }}
--- a/charts/openbao/templates/injector-clusterrolebinding.yaml
+++ b/charts/openbao/templates/injector-clusterrolebinding.yaml
@ -3,22 +3,22 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-binding
+  name: {{ template "vault.fullname" . }}-agent-injector-binding
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ template "openbao.fullname" . }}-agent-injector-clusterrole
+  name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
 subjects:
 - kind: ServiceAccount
-  name: {{ template "openbao.fullname" . }}-agent-injector
+  name: {{ template "vault.fullname" . }}-agent-injector
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
 {{ end }}
--- a/charts/openbao/templates/injector-deployment.yaml
+++ b/charts/openbao/templates/injector-deployment.yaml
@ -3,16 +3,16 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 # Deployment for the injector
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector
+  name: {{ template "vault.fullname" . }}-agent-injector
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    component: webhook
@ -20,14 +20,14 @@ spec:
  replicas: {{ .Values.injector.replicas }}
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ template "openbao.name" . }}-agent-injector
+      app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
      app.kubernetes.io/instance: {{ .Release.Name }}
      component: webhook
  {{ template "injector.strategy" . }}
  template:
    metadata:
      labels:
-        app.kubernetes.io/name: {{ template "openbao.name" . }}-agent-injector
+        app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
        app.kubernetes.io/instance: {{ .Release.Name }}
        component: webhook
        {{- if  .Values.injector.extraLabels -}}
@ -42,7 +42,7 @@ spec:
      {{- if .Values.injector.priorityClassName }}
      priorityClassName: {{ .Values.injector.priorityClassName }}
      {{- end }}
-      serviceAccountName: "{{ template "openbao.fullname" . }}-agent-injector"
+      serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
      {{ template "injector.securityContext.pod" . -}}
      {{- if not .Values.global.openshift }}
      hostNetwork: {{ .Values.injector.hostNetwork }}
@ -50,7 +50,7 @@ spec:
      containers:
        - name: sidecar-injector
          {{ template "injector.resources" . }}
-          image: "{{ .Values.injector.image.registry | default "docker.io" }}/{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+          image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
          imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
          {{- template "injector.securityContext.container" . }}
          env:
@ -64,12 +64,12 @@ spec:
            {{- else if .Values.injector.externalVaultAddr }}
              value: "{{ .Values.injector.externalVaultAddr }}"
            {{- else }}
-              value: {{ include "openbao.scheme" . }}://{{ template "openbao.fullname" . }}.{{ include "openbao.namespace" . }}.svc:{{ .Values.server.service.port }}
+              value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
            {{- end }}
            - name: AGENT_INJECT_VAULT_AUTH_PATH
              value: {{ .Values.injector.authPath }}
            - name: AGENT_INJECT_VAULT_IMAGE
-              value: "{{ .Values.injector.image.registry | default "quay.io" }}/{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+              value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
            {{- if .Values.injector.certs.secretName }}
            - name: AGENT_INJECT_TLS_CERT_FILE
              value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
@ -77,9 +77,9 @@ spec:
              value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
            {{- else }}
            - name: AGENT_INJECT_TLS_AUTO
-              value: {{ template "openbao.fullname" . }}-agent-injector-cfg
+              value: {{ template "vault.fullname" . }}-agent-injector-cfg
            - name: AGENT_INJECT_TLS_AUTO_HOSTS
-              value: {{ template "openbao.fullname" . }}-agent-injector-svc,{{ template "openbao.fullname" . }}-agent-injector-svc.{{ include "openbao.namespace" . }},{{ template "openbao.fullname" . }}-agent-injector-svc.{{ include "openbao.namespace" . }}.svc
+              value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }}.svc
            {{- end }}
            - name: AGENT_INJECT_LOG_FORMAT
              value: {{ .Values.injector.logFormat | default "standard" }}
@ -125,7 +125,7 @@ spec:
            - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
              value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
            {{- end }}
-            {{- include "openbao.extraEnvironmentVars" .Values.injector | nindent 12 }}
+            {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
            - name: POD_NAME
              valueFrom:
                fieldRef:
--- a/charts/openbao/templates/injector-disruptionbudget.yaml
+++ b/charts/openbao/templates/injector-disruptionbudget.yaml
@ -7,18 +7,18 @@ SPDX-License-Identifier: MPL-2.0
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector
+  name: {{ template "vault.fullname" . }}-agent-injector
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    component: webhook
 spec:
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ template "openbao.name" . }}-agent-injector
+      app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
      app.kubernetes.io/instance: {{ .Release.Name }}
      component: webhook
  {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
--- a/charts/openbao/templates/injector-mutating-webhook.yaml
+++ b/charts/openbao/templates/injector-mutating-webhook.yaml
@ -3,7 +3,7 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
 apiVersion: admissionregistration.k8s.io/v1
@ -12,9 +12,9 @@ apiVersion: admissionregistration.k8s.io/v1beta1
 {{- end }}
 kind: MutatingWebhookConfiguration
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-cfg
+  name: {{ template "vault.fullname" . }}-agent-injector-cfg
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  {{- template "injector.webhookAnnotations" . }}
@ -27,8 +27,8 @@ webhooks:
    admissionReviewVersions: ["v1", "v1beta1"]
    clientConfig:
      service:
-        name: {{ template "openbao.fullname" . }}-agent-injector-svc
+        name: {{ template "vault.fullname" . }}-agent-injector-svc
-        namespace: {{ include "openbao.namespace" . }}
+        namespace: {{ include "vault.namespace" . }}
        path: "/mutate"
      caBundle: {{ .Values.injector.certs.caBundle | quote }}
    rules:
--- a/charts/openbao/templates/injector-network-policy.yaml
+++ b/charts/openbao/templates/injector-network-policy.yaml
@ -3,20 +3,20 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if eq (.Values.global.openshift | toString) "true" }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector
+  name: {{ template "vault.fullname" . }}-agent-injector
  labels:
-    app.kubernetes.io/name: {{ template "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
  podSelector:
    matchLabels:
-      app.kubernetes.io/name: {{ template "openbao.name" . }}-agent-injector
+      app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
      app.kubernetes.io/instance: {{ .Release.Name }}
      component: webhook
  ingress:
--- a/charts/openbao/templates/injector-psp-role.yaml
+++ b/charts/openbao/templates/injector-psp-role.yaml
@ -3,16 +3,16 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if eq (.Values.global.psp.enable | toString) "true" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-psp
+  name: {{ template "vault.fullname" . }}-agent-injector-psp
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 rules:
@ -20,6 +20,6 @@ rules:
  resources: ['podsecuritypolicies']
  verbs:     ['use']
  resourceNames:
-    - {{ template "openbao.fullname" . }}-agent-injector
+    - {{ template "vault.fullname" . }}-agent-injector
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/injector-psp-rolebinding.yaml
+++ b/charts/openbao/templates/injector-psp-rolebinding.yaml
@ -3,24 +3,24 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if eq (.Values.global.psp.enable | toString) "true" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-psp
+  name: {{ template "vault.fullname" . }}-agent-injector-psp
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  kind: Role
-  name: {{ template "openbao.fullname" . }}-agent-injector-psp
+  name: {{ template "vault.fullname" . }}-agent-injector-psp
  apiGroup: rbac.authorization.k8s.io
 subjects:
  - kind: ServiceAccount
-    name: {{ template "openbao.fullname" . }}-agent-injector
+    name: {{ template "vault.fullname" . }}-agent-injector
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/injector-psp.yaml
+++ b/charts/openbao/templates/injector-psp.yaml
@ -3,18 +3,18 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if eq (.Values.global.psp.enable | toString) "true" }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector
+  name: {{ template "vault.fullname" . }}-agent-injector
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "openbao.psp.annotations" . }}
+{{- template "vault.psp.annotations" . }}
 spec:
  privileged: false
  # Required to prevent escalations to root.
--- a/charts/openbao/templates/injector-role.yaml
+++ b/charts/openbao/templates/injector-role.yaml
@ -3,16 +3,16 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-leader-elector-role
+  name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 rules:
--- a/charts/openbao/templates/injector-rolebinding.yaml
+++ b/charts/openbao/templates/injector-rolebinding.yaml
@ -3,25 +3,25 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-leader-elector-binding
+  name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
-  name: {{ template "openbao.fullname" . }}-agent-injector-leader-elector-role
+  name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
 subjects:
  - kind: ServiceAccount
-    name: {{ template "openbao.fullname" . }}-agent-injector
+    name: {{ template "vault.fullname" . }}-agent-injector
-    namespace: {{ include "openbao.namespace" . }}
+    namespace: {{ include "vault.namespace" . }}
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/injector-service.yaml
+++ b/charts/openbao/templates/injector-service.yaml
@ -3,15 +3,15 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector-svc
+  name: {{ template "vault.fullname" . }}-agent-injector-svc
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  {{ template "injector.service.annotations" . }}
@ -21,7 +21,7 @@ spec:
    port: 443
    targetPort: {{ .Values.injector.port }}
  selector:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    component: webhook
 {{- end }}
--- a/charts/openbao/templates/injector-serviceaccount.yaml
+++ b/charts/openbao/templates/injector-serviceaccount.yaml
@ -3,15 +3,15 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{- template "openbao.injectorEnabled" . -}}
+{{- template "vault.injectorEnabled" . -}}
 {{- if .injectorEnabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "openbao.fullname" . }}-agent-injector
+  name: {{ template "vault.fullname" . }}-agent-injector
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-agent-injector
+    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  {{ template "injector.serviceAccount.annotations" . }}
--- a/charts/openbao/templates/prometheus-prometheusrules.yaml
+++ b/charts/openbao/templates/prometheus-prometheusrules.yaml
@ -10,10 +10,10 @@ SPDX-License-Identifier: MPL-2.0
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
@ -25,7 +25,7 @@ metadata:
    {{- end }}
 spec:
  groups:
-  - name: {{ include "openbao.fullname" . }}
+  - name: {{ include "vault.fullname" . }}
    rules:
      {{- toYaml .Values.serverTelemetry.prometheusRules.rules | nindent 6 }}
 {{- end }}
--- a/charts/openbao/templates/prometheus-servicemonitor.yaml
+++ b/charts/openbao/templates/prometheus-servicemonitor.yaml
@ -3,16 +3,16 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{ if or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.serviceMonitor.enabled) }}
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
@ -25,18 +25,18 @@ metadata:
 spec:
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ template "openbao.name" . }}
+      app.kubernetes.io/name: {{ template "vault.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      {{- if eq .mode "ha" }}
-      openbao-active: "true"
+      vault-active: "true"
      {{- else }}
-      openbao-internal: "true"
+      vault-internal: "true"
      {{- end }}
  endpoints:
-  - port: {{ include "openbao.scheme" . }}
+  - port: {{ include "vault.scheme" . }}
    interval: {{ .Values.serverTelemetry.serviceMonitor.interval }}
    scrapeTimeout: {{ .Values.serverTelemetry.serviceMonitor.scrapeTimeout }}
-    scheme: {{ include "openbao.scheme" . | lower }}
+    scheme: {{ include "vault.scheme" . | lower }}
    path: /v1/sys/metrics
    params:
      format:
@ -45,5 +45,5 @@ spec:
      insecureSkipVerify: true
  namespaceSelector:
    matchNames:
-      - {{ include "openbao.namespace" . }}
+      - {{ include "vault.namespace" . }}
 {{ end }}
--- a/charts/openbao/templates/server-clusterrolebinding.yaml
+++ b/charts/openbao/templates/server-clusterrolebinding.yaml
@ -3,7 +3,7 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.serverAuthDelegator" . }}
+{{ template "vault.serverAuthDelegator" . }}
 {{- if .serverAuthDelegator -}}
 {{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
 apiVersion: rbac.authorization.k8s.io/v1
@ -12,10 +12,10 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 {{- end }}
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "openbao.fullname" . }}-server-binding
+  name: {{ template "vault.fullname" . }}-server-binding
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
@ -24,6 +24,6 @@ roleRef:
  name: system:auth-delegator
 subjects:
 - kind: ServiceAccount
-  name: {{ template "openbao.serviceAccount.name" . }}
+  name: {{ template "vault.serviceAccount.name" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
 {{ end }}
--- a/templates/server-config-configmap.yaml
+++ b/templates/server-config-configmap.yaml
@ -0,0 +1,45 @@
 {{/*
 Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
 {{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
 {{- if .serverEnabled -}}
 {{- if ne .mode "dev" -}}
 {{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ template "vault.fullname" . }}-config
  namespace: {{ include "vault.namespace" . }}
  labels:
    helm.sh/chart: {{ include "vault.chart" . }}
    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
  extraconfig-from-values.hcl: |-
  {{- if or (eq .mode "ha") (eq .mode "standalone") }}
  {{- $type := typeOf (index .Values.server .mode).config }}
  {{- if eq $type "string" }}
    disable_mlock = true
  {{- if eq .mode "standalone" }}
    {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
  {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
    {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
  {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
    {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
  {{ end }}
  {{- else }}
  {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
 {{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
  {{- else }}
 {{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
  {{- end }}
  {{- end }}
  {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/server-discovery-role.yaml
+++ b/charts/openbao/templates/server-discovery-role.yaml
@ -3,18 +3,18 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if .serverEnabled -}}
 {{- if eq .mode "ha" }}
 {{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
-  name: {{ template "openbao.fullname" . }}-discovery-role
+  name: {{ template "vault.fullname" . }}-discovery-role
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 rules:
--- a/charts/openbao/templates/server-discovery-rolebinding.yaml
+++ b/charts/openbao/templates/server-discovery-rolebinding.yaml
@ -3,7 +3,7 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if .serverEnabled -}}
 {{- if eq .mode "ha" }}
 {{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }}
@ -14,21 +14,21 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 {{- end }}
 kind: RoleBinding
 metadata:
-  name: {{ template "openbao.fullname" . }}-discovery-rolebinding
+  name: {{ template "vault.fullname" . }}-discovery-rolebinding
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
-  name: {{ template "openbao.fullname" . }}-discovery-role
+  name: {{ template "vault.fullname" . }}-discovery-role
 subjects:
 - kind: ServiceAccount
-  name: {{ template "openbao.serviceAccount.name" . }}
+  name: {{ template "vault.serviceAccount.name" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
 {{ end }}
 {{ end }}
 {{ end }}
--- a/charts/openbao/templates/server-disruptionbudget.yaml
+++ b/charts/openbao/templates/server-disruptionbudget.yaml
@ -3,7 +3,7 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" -}}
 {{- if .serverEnabled -}}
 {{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
@ -12,18 +12,18 @@ SPDX-License-Identifier: MPL-2.0
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
-  maxUnavailable: {{ template "openbao.pdb.maxUnavailable" . }}
+  maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ include "openbao.name" . }}
+      app.kubernetes.io/name: {{ include "vault.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      component: server
 {{- end -}}
--- a/charts/openbao/templates/server-ha-active-service.yaml
+++ b/charts/openbao/templates/server-ha-active-service.yaml
@ -3,27 +3,27 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
-{{- template "openbao.serverServiceEnabled" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
 {{- if .serverServiceEnabled -}}
 {{- if eq .mode "ha" }}
 {{- if eq (.Values.server.service.active.enabled | toString) "true" }}
-# Service for active OpenBao pod
+# Service for active Vault pod
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "openbao.fullname" . }}-active
+  name: {{ template "vault.fullname" . }}-active
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    openbao-active: "true"
+    vault-active: "true"
  annotations:
-{{- template "openbao.service.active.annotations" . }}
+{{- template "vault.service.active.annotations" . }}
-{{- template "openbao.service.annotations" . }}
+{{- template "vault.service.annotations" . }}
 spec:
  {{- if .Values.server.service.type}}
  type: {{ .Values.server.service.type }}
@ -42,7 +42,7 @@ spec:
  {{- include "service.externalTrafficPolicy" .Values.server.service }}
  publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
  ports:
-    - name: {{ include "openbao.scheme" . }}
+    - name: {{ include "vault.scheme" . }}
      port: {{ .Values.server.service.port }}
      targetPort: {{ .Values.server.service.targetPort }}
      {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
@ -52,12 +52,12 @@ spec:
      port: 8201
      targetPort: 8201
  selector:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    {{- end }}
    component: server
-    openbao-active: "true"
+    vault-active: "true"
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/server-ha-standby-service.yaml
+++ b/charts/openbao/templates/server-ha-standby-service.yaml
@ -3,26 +3,26 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
-{{- template "openbao.serverServiceEnabled" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
 {{- if .serverServiceEnabled -}}
 {{- if eq .mode "ha" }}
 {{- if eq (.Values.server.service.standby.enabled | toString) "true" }}
-# Service for standby OpenBao pod
+# Service for standby Vault pod
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "openbao.fullname" . }}-standby
+  name: {{ template "vault.fullname" . }}-standby
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  annotations:
-{{- template "openbao.service.standby.annotations" . }}
+{{- template "vault.service.standby.annotations" . }}
-{{- template "openbao.service.annotations" . }}
+{{- template "vault.service.annotations" . }}
 spec:
  {{- if .Values.server.service.type}}
  type: {{ .Values.server.service.type }}
@ -41,7 +41,7 @@ spec:
  {{- include "service.externalTrafficPolicy" .Values.server.service }}
  publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
  ports:
-    - name: {{ include "openbao.scheme" . }}
+    - name: {{ include "vault.scheme" . }}
      port: {{ .Values.server.service.port }}
      targetPort: {{ .Values.server.service.targetPort }}
      {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
@ -51,12 +51,12 @@ spec:
      port: 8201
      targetPort: 8201
  selector:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    {{- end }}
    component: server
-    openbao-active: "false"
+    vault-active: "false"
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/server-headless-service.yaml
+++ b/charts/openbao/templates/server-headless-service.yaml
@ -3,24 +3,24 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
-{{- template "openbao.serverServiceEnabled" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
 {{- if .serverServiceEnabled -}}
-# Service for OpenBao cluster
+# Service for Vault cluster
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "openbao.fullname" . }}-internal
+  name: {{ template "vault.fullname" . }}-internal
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    openbao-internal: "true"
+    vault-internal: "true"
  annotations:
-{{ template "openbao.service.annotations" .}}
+{{ template "vault.service.annotations" .}}
 spec:
  {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
  {{- if .Values.server.service.ipFamilyPolicy }}
@ -33,14 +33,14 @@ spec:
  clusterIP: None
  publishNotReadyAddresses: true
  ports:
-    - name: "{{ include "openbao.scheme" . }}"
+    - name: "{{ include "vault.scheme" . }}"
      port: {{ .Values.server.service.port }}
      targetPort: {{ .Values.server.service.targetPort }}
    - name: https-internal
      port: 8201
      targetPort: 8201
  selector:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    component: server
 {{- end }}
--- a/charts/openbao/templates/server-ingress.yaml
+++ b/charts/openbao/templates/server-ingress.yaml
@ -4,12 +4,12 @@ SPDX-License-Identifier: MPL-2.0
 */}}
 {{- if not .Values.global.openshift }}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
 {{- if .Values.server.ingress.enabled -}}
 {{- $extraPaths := .Values.server.ingress.extraPaths -}}
-{{- $serviceName := include "openbao.fullname" . -}}
+{{- $serviceName := include "vault.fullname" . -}}
-{{- template "openbao.serverServiceEnabled" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
 {{- if .serverServiceEnabled -}}
 {{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
 {{- $serviceName = printf "%s-%s" $serviceName "active" -}}
@ -20,17 +20,17 @@ SPDX-License-Identifier: MPL-2.0
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- with .Values.server.ingress.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
-  {{- template "openbao.ingress.annotations" . }}
+  {{- template "vault.ingress.annotations" . }}
 spec:
 {{- if .Values.server.ingress.tls }}
  tls:
--- a/charts/openbao/templates/server-network-policy.yaml
+++ b/charts/openbao/templates/server-network-policy.yaml
@ -7,16 +7,23 @@ SPDX-License-Identifier: MPL-2.0
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
  labels:
-    app.kubernetes.io/name: {{ template "openbao.name" . }}
+    app.kubernetes.io/name: {{ template "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
  podSelector:
    matchLabels:
-      app.kubernetes.io/name: {{ template "openbao.name" . }}
+      app.kubernetes.io/name: {{ template "vault.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
-  ingress: {{- toYaml .Values.server.networkPolicy.ingress | nindent 4 }}
+  ingress:
    - from:
        - namespaceSelector: {}
      ports:
      - port: 8200
        protocol: TCP
      - port: 8201
        protocol: TCP
  {{- if .Values.server.networkPolicy.egress }}
  egress:
  {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
--- a/charts/openbao/templates/server-psp-role.yaml
+++ b/charts/openbao/templates/server-psp-role.yaml
@ -3,16 +3,16 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if .serverEnabled -}}
 {{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ template "openbao.fullname" . }}-psp
+  name: {{ template "vault.fullname" . }}-psp
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 rules:
@ -20,6 +20,6 @@ rules:
  resources: ['podsecuritypolicies']
  verbs:     ['use']
  resourceNames:
-    - {{ template "openbao.fullname" . }}
+    - {{ template "vault.fullname" . }}
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/server-psp-rolebinding.yaml
+++ b/charts/openbao/templates/server-psp-rolebinding.yaml
@ -3,24 +3,24 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if .serverEnabled -}}
 {{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ template "openbao.fullname" . }}-psp
+  name: {{ template "vault.fullname" . }}-psp
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 roleRef:
  kind: Role
-  name: {{ template "openbao.fullname" . }}-psp
+  name: {{ template "vault.fullname" . }}-psp
  apiGroup: rbac.authorization.k8s.io
 subjects:
  - kind: ServiceAccount
-    name: {{ template "openbao.fullname" . }}
+    name: {{ template "vault.fullname" . }}
 {{- end }}
 {{- end }}
--- a/charts/openbao/templates/server-psp.yaml
+++ b/charts/openbao/templates/server-psp.yaml
@ -3,18 +3,18 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if .serverEnabled -}}
 {{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- template "openbao.psp.annotations" . }}
+{{- template "vault.psp.annotations" . }}
 spec:
  privileged: false
  # Required to prevent escalations to root.
--- a/charts/openbao/templates/server-route.yaml
+++ b/charts/openbao/templates/server-route.yaml
@ -6,24 +6,24 @@ SPDX-License-Identifier: MPL-2.0
 {{- if .Values.global.openshift }}
 {{- if ne .mode "external" }}
 {{- if .Values.server.route.enabled -}}
-{{- $serviceName := include "openbao.fullname" . -}}
+{{- $serviceName := include "vault.fullname" . -}}
 {{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
 {{- $serviceName = printf "%s-%s" $serviceName "active" -}}
 {{- end }}
 kind: Route
 apiVersion: route.openshift.io/v1
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- with .Values.server.route.labels }}
      {{- toYaml . | nindent 4 }}
    {{- end }}
-  {{- template "openbao.route.annotations" . }}
+  {{- template "vault.route.annotations" . }}
 spec:
  host: {{ .Values.server.route.host }}
  to:
--- a/charts/openbao/templates/server-service.yaml
+++ b/charts/openbao/templates/server-service.yaml
@ -3,23 +3,23 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
-{{- template "openbao.serverServiceEnabled" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
 {{- if .serverServiceEnabled -}}
-# Service for OpenBao cluster
+# Service for Vault cluster
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  annotations:
-{{ template "openbao.service.annotations" .}}
+{{ template "vault.service.annotations" .}}
 spec:
  {{- if .Values.server.service.type}}
  type: {{ .Values.server.service.type }}
@ -40,7 +40,7 @@ spec:
  # since this DNS is also used for join operations.
  publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
  ports:
-    - name: {{ include "openbao.scheme" . }}
+    - name: {{ include "vault.scheme" . }}
      port: {{ .Values.server.service.port }}
      targetPort: {{ .Values.server.service.targetPort }}
      {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
@ -50,7 +50,7 @@ spec:
      port: 8201
      targetPort: 8201
  selector:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    {{- end }}
--- a/templates/server-serviceaccount-secret.yaml
+++ b/templates/server-serviceaccount-secret.yaml
@ -0,0 +1,21 @@
 {{/*
 Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
 {{ template "vault.serverServiceAccountSecretCreationEnabled" . }}
 {{- if .serverServiceAccountSecretCreationEnabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ template "vault.serviceAccount.name" . }}-token
  namespace: {{ include "vault.namespace" . }}
  annotations:
    kubernetes.io/service-account.name: {{ template "vault.serviceAccount.name" . }}
  labels:
    helm.sh/chart: {{ include "vault.chart" . }}
    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 type: kubernetes.io/service-account-token
 {{ end }}
--- a/charts/openbao/templates/server-serviceaccount.yaml
+++ b/charts/openbao/templates/server-serviceaccount.yaml
@ -3,20 +3,20 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.serverServiceAccountEnabled" . }}
+{{ template "vault.serverServiceAccountEnabled" . }}
 {{- if .serverServiceAccountEnabled -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "openbao.serviceAccount.name" . }}
+  name: {{ template "vault.serviceAccount.name" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    {{- if  .Values.server.serviceAccount.extraLabels -}}
      {{- toYaml .Values.server.serviceAccount.extraLabels | nindent 4 -}}
    {{- end -}}
-  {{ template "openbao.serviceAccount.annotations" . }}
+  {{ template "vault.serviceAccount.annotations" . }}
 {{ end }}
--- a/charts/openbao/templates/server-statefulset.yaml
+++ b/charts/openbao/templates/server-statefulset.yaml
@ -3,56 +3,53 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
 {{- if ne .mode "" }}
 {{- if .serverEnabled -}}
-# StatefulSet to run the actual openbao server cluster.
+# StatefulSet to run the actual vault server cluster.
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: {{ template "openbao.fullname" . }}
+  name: {{ template "vault.fullname" . }}
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  {{- template "openbao.statefulSet.annotations" . }}
+  {{- template "vault.statefulSet.annotations" . }}
 spec:
-  serviceName: {{ template "openbao.fullname" . }}-internal
+  serviceName: {{ template "vault.fullname" . }}-internal
  podManagementPolicy: Parallel
-  replicas: {{ template "openbao.replicas" . }}
+  replicas: {{ template "vault.replicas" . }}
  updateStrategy:
    type: {{ .Values.server.updateStrategyType }}
  {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.server.persistentVolumeClaimRetentionPolicy) }}
  persistentVolumeClaimRetentionPolicy: {{ toYaml .Values.server.persistentVolumeClaimRetentionPolicy | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
-      app.kubernetes.io/name: {{ template "openbao.name" . }}
+      app.kubernetes.io/name: {{ template "vault.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      component: server
  template:
    metadata:
      labels:
-        helm.sh/chart: {{ template "openbao.chart" . }}
+        helm.sh/chart: {{ template "vault.chart" . }}
-        app.kubernetes.io/name: {{ template "openbao.name" . }}
+        app.kubernetes.io/name: {{ template "vault.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        component: server
        {{- if  .Values.server.extraLabels -}}
          {{- toYaml .Values.server.extraLabels | nindent 8 -}}
        {{- end -}}
-      {{ template "openbao.annotations" . }}
+      {{ template "vault.annotations" . }}
    spec:
-      {{ template "openbao.affinity" . }}
+      {{ template "vault.affinity" . }}
-      {{ template "openbao.topologySpreadConstraints" . }}
+      {{ template "vault.topologySpreadConstraints" . }}
-      {{ template "openbao.tolerations" . }}
+      {{ template "vault.tolerations" . }}
-      {{ template "openbao.nodeselector" . }}
+      {{ template "vault.nodeselector" . }}
      {{- if .Values.server.priorityClassName }}
      priorityClassName: {{ .Values.server.priorityClassName }}
      {{- end }}
      terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
-      serviceAccountName: {{ template "openbao.serviceAccount.name" . }}
+      serviceAccountName: {{ template "vault.serviceAccount.name" . }}
      {{ if  .Values.server.shareProcessNamespace }}
      shareProcessNamespace: true
      {{ end }}
@ -61,7 +58,7 @@ spec:
      hostNetwork: {{ .Values.server.hostNetwork }}
      {{- end }}
      volumes:
-        {{ template "openbao.volumes" . }}
+        {{ template "vault.volumes" . }}
        - name: home
          emptyDir: {}
      {{- if .Values.server.hostAliases }}
@ -73,14 +70,14 @@ spec:
        {{ toYaml .Values.server.extraInitContainers | nindent 8}}
      {{- end }}
      containers:
-        - name: openbao
+        - name: vault
-          {{ template "openbao.resources" . }}
+          {{ template "vault.resources" . }}
-          image: {{ .Values.server.image.registry | default "docker.io" }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+          image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
          imagePullPolicy: {{ .Values.server.image.pullPolicy }}
          command:
          - "/bin/sh"
          - "-ec"
-          args: {{ template "openbao.args" . }}
+          args: {{ template "vault.args" . }}
          {{- template "server.statefulSet.securityContext.container" . }}
          env:
            - name: HOST_IP
@ -91,21 +88,21 @@ spec:
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
-            - name: BAO_K8S_POD_NAME
+            - name: VAULT_K8S_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
-            - name: BAO_K8S_NAMESPACE
+            - name: VAULT_K8S_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
-            - name: BAO_ADDR
+            - name: VAULT_ADDR
-              value: "{{ include "openbao.scheme" . }}://127.0.0.1:8200"
+              value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
-            - name: BAO_API_ADDR
+            - name: VAULT_API_ADDR
              {{- if .Values.server.ha.apiAddr }}
              value: {{ .Values.server.ha.apiAddr }}
              {{- else }}
-              value: "{{ include "openbao.scheme" . }}://$(POD_IP):8200"
+              value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
              {{- end }}
            - name: SKIP_CHOWN
              value: "true"
@ -115,42 +112,46 @@ spec:
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
-            - name: BAO_CLUSTER_ADDR
+            - name: VAULT_CLUSTER_ADDR
              {{- if .Values.server.ha.clusterAddr }}
              value: {{ .Values.server.ha.clusterAddr | quote }}
              {{- else }}
-              value: "https://$(HOSTNAME).{{ template "openbao.fullname" . }}-internal:8201"
+              value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
              {{- end }}
            {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
-            - name: BAO_RAFT_NODE_ID
+            - name: VAULT_RAFT_NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            {{- end }}
            - name: HOME
-              value: "/home/openbao"
+              value: "/home/vault"
            {{- if .Values.server.logLevel }}
-            - name: BAO_LOG_LEVEL
+            - name: VAULT_LOG_LEVEL
              value: "{{ .Values.server.logLevel }}"
            {{- end }}
            {{- if .Values.server.logFormat }}
-            - name: BAO_LOG_FORMAT
+            - name: VAULT_LOG_FORMAT
              value: "{{ .Values.server.logFormat }}"
            {{- end }}
-            {{ template "openbao.envs" . }}
+            {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
-            {{- include "openbao.extraEnvironmentVars" .Values.server | nindent 12 }}
+            - name: VAULT_LICENSE_PATH
-            {{- include "openbao.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+              value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
            {{- end }}
            {{ template "vault.envs" . }}
            {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
            {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
          volumeMounts:
-          {{ template "openbao.mounts" . }}
+          {{ template "vault.mounts" . }}
            - name: home
-              mountPath: /home/openbao
+              mountPath: /home/vault
          ports:
            - containerPort: 8200
-              name: {{ include "openbao.scheme" . }}
+              name: {{ include "vault.scheme" . }}
            - containerPort: 8201
              name: https-internal
            - containerPort: 8202
-              name: {{ include "openbao.scheme" . }}-rep
+              name: {{ include "vault.scheme" . }}-rep
          {{- if .Values.server.extraPorts -}}
          {{ toYaml .Values.server.extraPorts | nindent 12}}
          {{- end }}
@ -160,15 +161,15 @@ spec:
            httpGet:
              path: {{ .Values.server.readinessProbe.path | quote }}
              port: {{ .Values.server.readinessProbe.port }}
-              scheme: {{ include "openbao.scheme" . | upper }}
+              scheme: {{ include "vault.scheme" . | upper }}
            {{- else }}
-            # Check status; unsealed openbao servers return 0
+            # Check status; unsealed vault servers return 0
            # The exit code reflects the seal status:
            #   0 - unsealed
            #   1 - error
            #   2 - sealed
            exec:
-              command: ["/bin/sh", "-ec", "bao status -tls-skip-verify"]
+              command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
            {{- end }}
            failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
            initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
@ -178,18 +179,10 @@ spec:
          {{- end }}
          {{- if .Values.server.livenessProbe.enabled }}
          livenessProbe:
            {{- if .Values.server.livenessProbe.execCommand }}
            exec:
              command:
                {{- range (.Values.server.livenessProbe.execCommand) }}
                - {{ . | quote }}
                {{- end }}
            {{- else }}
            httpGet:
              path: {{ .Values.server.livenessProbe.path | quote }}
              port: {{ .Values.server.livenessProbe.port }}
-              scheme: {{ include "openbao.scheme" . | upper }}
+              scheme: {{ include "vault.scheme" . | upper }}
            {{- end }}
            failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
            initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
@ -197,7 +190,7 @@ spec:
            timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
          {{- end }}
          lifecycle:
-            # openbao container doesn't receive SIGTERM from Kubernetes
+            # Vault container doesn't receive SIGTERM from Kubernetes
            # and after the grace period ends, Kube sends SIGKILL.  This
            # causes issues with graceful shutdowns such as deregistering itself
            # from Consul (zombie services).
@ -208,7 +201,7 @@ spec:
                  # Adding a sleep here to give the pod eviction a
                  # chance to propagate, so requests will not be made
                  # to this pod while it's terminating
-                  "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof bao)",
+                  "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
                ]
            {{- if .Values.server.postStart }}
            postStart:
@ -222,7 +215,7 @@ spec:
          {{ toYaml .Values.server.extraContainers | nindent 8}}
        {{- end }}
      {{- include "imagePullSecrets" . | nindent 6 }}
-  {{ template "openbao.volumeclaims" . }}
+  {{ template "vault.volumeclaims" . }}
 {{ end }}
 {{ end }}
 {{ end }}
--- a/charts/openbao/templates/tests/server-test.yaml
+++ b/charts/openbao/templates/tests/server-test.yaml
@ -3,42 +3,42 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
 {{- if .serverEnabled -}}
 apiVersion: v1
 kind: Pod
 metadata:
-  name: {{ template "openbao.fullname" . }}-server-test
+  name: {{ template "vault.fullname" . }}-server-test
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  annotations:
    "helm.sh/hook": test
 spec:
  {{- include "imagePullSecrets" . | nindent 2 }}
  containers:
    - name: {{ .Release.Name }}-server-test
-      image: {{ .Values.server.image.registry | default "docker.io" }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+      image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
      imagePullPolicy: {{ .Values.server.image.pullPolicy }}
      env:
        - name: VAULT_ADDR
-          value: {{ include "openbao.scheme" . }}://{{ template "openbao.fullname" . }}.{{ include "openbao.namespace" . }}.svc:{{ .Values.server.service.port }}
+          value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
-        {{- include "openbao.extraEnvironmentVars" .Values.server | nindent 8 }}
+        {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
      command:
        - /bin/sh
        - -c
        - |
-          echo "Checking for sealed info in 'bao status' output"
+          echo "Checking for sealed info in 'vault status' output"
          ATTEMPTS=10
          n=0
          until [ "$n" -ge $ATTEMPTS ]
          do
            echo "Attempt" $n...
-            bao status -format yaml | grep -E '^sealed: (true|false)' && break
+            vault status -format yaml | grep -E '^sealed: (true|false)' && break
            n=$((n+1))
            sleep 5
          done
          if [ $n -ge $ATTEMPTS ]; then
-            echo "timed out looking for sealed info in 'bao status' output"
+            echo "timed out looking for sealed info in 'vault status' output"
            exit 1
          fi
--- a/charts/openbao/templates/ui-service.yaml
+++ b/charts/openbao/templates/ui-service.yaml
@ -3,22 +3,22 @@ Copyright (c) HashiCorp, Inc.
 SPDX-License-Identifier: MPL-2.0
 */}}
-{{ template "openbao.mode" . }}
+{{ template "vault.mode" . }}
 {{- if ne .mode "external" }}
-{{- template "openbao.uiEnabled" . -}}
+{{- template "vault.uiEnabled" . -}}
 {{- if .uiEnabled -}}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "openbao.fullname" . }}-ui
+  name: {{ template "vault.fullname" . }}-ui
-  namespace: {{ include "openbao.namespace" . }}
+  namespace: {{ include "vault.namespace" . }}
  labels:
-    helm.sh/chart: {{ include "openbao.chart" . }}
+    helm.sh/chart: {{ include "vault.chart" . }}
-    app.kubernetes.io/name: {{ include "openbao.name" . }}-ui
+    app.kubernetes.io/name: {{ include "vault.name" . }}-ui
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  {{- template "openbao.ui.annotations" . }}
+  {{- template "vault.ui.annotations" . }}
 spec:
  {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
  {{- if .Values.ui.serviceIPFamilyPolicy }}
@ -29,15 +29,15 @@ spec:
  {{- end }}
  {{- end }}
  selector:
-    app.kubernetes.io/name: {{ include "openbao.name" . }}
+    app.kubernetes.io/name: {{ include "vault.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    component: server
-    {{- if and (.Values.ui.activeOpenbaoPodOnly) (eq .mode "ha") }}
+    {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
-    openbao-active: "true"
+    vault-active: "true"
    {{- end }}
  publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
  ports:
-    - name: {{ include "openbao.scheme" . }}
+    - name: {{ include "vault.scheme" . }}
      port: {{ .Values.ui.externalPort }}
      targetPort: {{ .Values.ui.targetPort }}
      {{- if .Values.ui.serviceNodePort }}
--- a/test/README.md
+++ b/test/README.md
@ -1,9 +1,11 @@
-# OpenBao Helm Tests
+# Vault Helm Tests
-## Running OpenBao Helm Acceptance tests
+## Running Vault Helm Acceptance tests
 The Makefile at the top level of this repo contains a few target that should help with running acceptance tests in your own GKE instance or in a kind cluster.
 Note that for the Vault Enterprise tests to pass, a `VAULT_LICENSE_CI` environment variable needs to be set to the contents of a valid Vault Enterprise license.
 ### Running in a GKE cluster
 * Set the `GOOGLE_CREDENTIALS` and `CLOUDSDK_CORE_PROJECT` variables at the top of the file. `GOOGLE_CREDENTIALS` should contain the local path to your Google Cloud Platform account credentials in JSON format. `CLOUDSDK_CORE_PROJECT` should be set to the ID of your GCP project.
@ -47,7 +49,7 @@ editing will be required, since several properties accept multiple data types.
 ## Helm test
-OpenBao Helm also contains a simple helm test under
+Vault Helm also contains a simple helm test under
 [templates/tests/](../templates/tests/) that may be run against a helm release:
    helm test <RELEASE_NAME>
--- a/test/acceptance/_helpers.bash
+++ b/test/acceptance/_helpers.bash
@ -3,15 +3,15 @@
 # name_prefix returns the prefix of the resources within Kubernetes.
 name_prefix() {
-    printf "openbao"
+    printf "vault"
 }
 # chart_dir returns the directory for the chart
 chart_dir() {
-    echo ${BATS_TEST_DIRNAME}/../../charts/openbao
+    echo ${BATS_TEST_DIRNAME}/../..
 }
-# helm_install installs the openbao chart. This will source overridable
+# helm_install installs the vault chart. This will source overridable
 # values from the "values.yaml" file in this directory. This can be set
 # by CI or other environments to do test-specific overrides. Note that its
 # easily possible to break tests this way so be careful.
@ -22,11 +22,11 @@ helm_install() {
    fi
    helm install -f ${values} \
-        --name openbao \
+        --name vault \
-        ${BATS_TEST_DIRNAME}/../../charts/openbao
+        ${BATS_TEST_DIRNAME}/../..
 }
-# helm_install_ha installs the openbao chart using HA mode. This will source
+# helm_install_ha installs the vault chart using HA mode. This will source
 # overridable values from the "values.yaml" file in this directory. This can be
 # set by CI or other environments to do test-specific overrides. Note that its
 # easily possible to break tests this way so be careful.
@ -37,10 +37,10 @@ helm_install_ha() {
    fi
    helm install -f ${values} \
-        --name openbao \
+        --name vault \
        --set 'server.enabled=false' \
        --set 'serverHA.enabled=true' \
-        ${BATS_TEST_DIRNAME}/../../charts/openbao
+        ${BATS_TEST_DIRNAME}/../..
 }
 # wait for consul to be ready
@ -52,7 +52,7 @@ wait_for_sealed_vault() {
    POD_NAME=$1
    check() {
-        sealed_status=$(kubectl exec $1 -- bao status -format=json | jq -r '.sealed')
+        sealed_status=$(kubectl exec $1 -- vault status -format=json | jq -r '.sealed')
        if [ "$sealed_status" == "true" ]; then
            return 0
        fi
@ -61,15 +61,15 @@ wait_for_sealed_vault() {
    for i in $(seq 60); do
        if check ${POD_NAME}; then
-            echo "OpenBao on ${POD_NAME} is running."
+            echo "Vault on ${POD_NAME} is running."
            return
        fi
-        echo "Waiting for OpenBao on ${POD_NAME} to be running..."
+        echo "Waiting for Vault on ${POD_NAME} to be running..."
        sleep 2
    done
-    echo "OpenBao on ${POD_NAME} never became running."
+    echo "Vault on ${POD_NAME} never became running."
    return 1
 }
--- a/test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml
+++ b/test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml
@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
-# The "Hello World" OpenBao SecretProviderClass
+# The "Hello World" Vault SecretProviderClass
 apiVersion: secrets-store.csi.x-k8s.io/v1
 kind: SecretProviderClass
 metadata:
--- a/test/acceptance/csi-test/openbao-policy.hcl
+++ b/test/acceptance/csi-test/openbao-policy.hcl
--- a/test/acceptance/csi.bats
+++ b/test/acceptance/csi.bats
@ -18,11 +18,11 @@ load _helpers
    --wait --timeout=5m \
    --namespace=acceptance \
    --set linux.image.pullPolicy="IfNotPresent" \
-    --set tokenRequests[0].audience="openbao" \
+    --set tokenRequests[0].audience="vault" \
    --set enableSecretRotation=true \
    --set rotationPollInterval=5s
-  # Install OpenBao and OpenBao provider
+  # Install Vault and Vault provider
-  helm install openbao \
+  helm install vault \
    --wait --timeout=5m \
    --namespace=acceptance \
    --set="server.dev.enabled=true" \
@ -31,23 +31,23 @@ load _helpers
    --set="csi.agent.logLevel=debug" \
    --set="injector.enabled=false" \
    .
-  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao
+  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=vault
-  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao-csi-provider
+  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=vault-csi-provider
  # Set up k8s auth and a kv secret.
-  cat ../../test/acceptance/csi-test/openbao-policy.hcl | kubectl --namespace=acceptance exec -i openbao-0 -- bao policy write kv-policy -
+  cat ./test/acceptance/csi-test/vault-policy.hcl | kubectl --namespace=acceptance exec -i vault-0 -- vault policy write kv-policy -
-  kubectl --namespace=acceptance exec openbao-0 -- bao auth enable kubernetes
+  kubectl --namespace=acceptance exec vault-0 -- vault auth enable kubernetes
-  kubectl --namespace=acceptance exec openbao-0 -- sh -c 'bao write auth/kubernetes/config \
+  kubectl --namespace=acceptance exec vault-0 -- sh -c 'vault write auth/kubernetes/config \
    kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443"'
-  kubectl --namespace=acceptance exec openbao-0 -- bao write auth/kubernetes/role/kv-role \
+  kubectl --namespace=acceptance exec vault-0 -- vault write auth/kubernetes/role/kv-role \
    bound_service_account_names=nginx \
    bound_service_account_namespaces=acceptance \
    policies=kv-policy \
    ttl=20m
-  kubectl --namespace=acceptance exec openbao-0 -- bao kv put secret/kv1 bar1=hello1
+  kubectl --namespace=acceptance exec vault-0 -- vault kv put secret/kv1 bar1=hello1
-  kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/openbao-kv-secretproviderclass.yaml
+  kubectl --namespace=acceptance apply -f ./test/acceptance/csi-test/vault-kv-secretproviderclass.yaml
-  kubectl --namespace=acceptance apply -f ../../test/acceptance/csi-test/nginx.yaml
+  kubectl --namespace=acceptance apply -f ./test/acceptance/csi-test/nginx.yaml
  kubectl --namespace=acceptance wait --for=condition=Ready --timeout=5m pod nginx
  result=$(kubectl --namespace=acceptance exec nginx -- cat /mnt/secrets-store/bar)
@ -55,7 +55,7 @@ load _helpers
  for i in $(seq 10); do
    sleep 2
-    if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent | grep "secret renewed: path=/v1/auth/kubernetes/login")" ]; then
+    if [ "$(kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=vault-csi-provider" -c vault-agent | grep "secret renewed: path=/v1/auth/kubernetes/login")" ]; then
        echo "Agent returned a cached login response"
        return
    fi
@ -65,8 +65,8 @@ load _helpers
  # Print the logs and fail the test
  echo "Failed to find a log for the Agent renewing CSI's auth token"
-  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-agent
+  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=vault-csi-provider" -c vault-agent
-  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=openbao-csi-provider" -c openbao-csi-provider
+  kubectl --namespace=acceptance logs --tail=-1 -l "app.kubernetes.io/name=vault-csi-provider" -c vault-csi-provider
  exit 1
 }
@ -75,7 +75,7 @@ teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      echo "helm/pvc teardown"
-      helm --namespace=acceptance delete openbao
+      helm --namespace=acceptance delete vault
      helm --namespace=acceptance delete secrets-store-csi-driver
      kubectl delete --all pvc
      kubectl delete namespace acceptance
--- a/test/acceptance/helm-test.bats
+++ b/test/acceptance/helm-test.bats
@ -20,7 +20,7 @@ teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      echo "helm/pvc teardown"
-      helm delete openbao
+      helm delete vault
      kubectl delete --all pvc
      kubectl delete namespace acceptance --ignore-not-found=true
  fi
--- a/test/acceptance/injector-leader-elector.bats
+++ b/test/acceptance/injector-leader-elector.bats
@ -13,9 +13,9 @@ load _helpers
    --wait \
    --timeout=5m \
    --set="injector.replicas=3" .
-  kubectl wait --for condition=Ready pod -l app.kubernetes.io/name=openbao-agent-injector --timeout=5m
+  kubectl wait --for condition=Ready pod -l app.kubernetes.io/name=vault-agent-injector --timeout=5m
-  pods=($(kubectl get pods -l app.kubernetes.io/name=openbao-agent-injector -o json | jq -r '.items[] | .metadata.name'))
+  pods=($(kubectl get pods -l app.kubernetes.io/name=vault-agent-injector -o json | jq -r '.items[] | .metadata.name'))
  [ "${#pods[@]}" == 3 ]
  leader=''
@ -45,7 +45,7 @@ teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      echo "helm/pvc teardown"
-      helm delete openbao
+      helm delete vault
      kubectl delete --all pvc
      kubectl delete namespace acceptance
  fi
--- a/test/acceptance/injector-test/bootstrap.sh
+++ b/test/acceptance/injector-test/bootstrap.sh
@ -5,40 +5,40 @@
 OUTPUT=/tmp/output.txt
-bao operator init -n 1 -t 1 >> ${OUTPUT?}
+vault operator init -n 1 -t 1 >> ${OUTPUT?}
 unseal=$(cat ${OUTPUT?} | grep "Unseal Key 1:" | sed -e "s/Unseal Key 1: //g")
 root=$(cat ${OUTPUT?} | grep "Initial Root Token:" | sed -e "s/Initial Root Token: //g")
-bao operator unseal ${unseal?}
+vault operator unseal ${unseal?}
-bao login -no-print ${root?}
+vault login -no-print ${root?}
-bao policy write db-backup /openbao/userconfig/test/pgdump-policy.hcl
+vault policy write db-backup /vault/userconfig/test/pgdump-policy.hcl
-bao auth enable kubernetes
+vault auth enable kubernetes
-bao write auth/kubernetes/config \
+vault write auth/kubernetes/config \
   token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
   kubernetes_host=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 \
   kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-bao write auth/kubernetes/role/db-backup \
+vault write auth/kubernetes/role/db-backup \
    bound_service_account_names=pgdump \
    bound_service_account_namespaces=acceptance \
    policies=db-backup \
    ttl=1h
-bao secrets enable database
+vault secrets enable database
-bao write database/config/postgresql \
+vault write database/config/postgresql \
    plugin_name=postgresql-database-plugin \
    allowed_roles="db-backup" \
    connection_url="postgresql://{{username}}:{{password}}@postgres:5432/mydb?sslmode=disable" \
-    username="openbao" \
+    username="vault" \
-    password="openbao"
+    password="vault"
-bao write database/roles/db-backup \
+vault write database/roles/db-backup \
    db_name=postgresql \
    creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
        GRANT CONNECT ON DATABASE mydb TO \"{{name}}\"; \
--- a/test/acceptance/injector-test/pg-deployment.yaml
+++ b/test/acceptance/injector-test/pg-deployment.yaml
@ -63,8 +63,8 @@ metadata:
    app: postgres
 data:
  setup.sql: |
-    CREATE ROLE openbao;
+    CREATE ROLE vault;
-    ALTER ROLE openbao WITH SUPERUSER LOGIN PASSWORD 'openbao';
+    ALTER ROLE vault WITH SUPERUSER LOGIN PASSWORD 'vault';
    \c mydb 
    CREATE SCHEMA app;
--- a/test/acceptance/injector.bats
+++ b/test/acceptance/injector.bats
@ -9,15 +9,15 @@ load _helpers
  kubectl create namespace acceptance
  kubectl config set-context --current --namespace=acceptance
-  kubectl create -f ../../test/acceptance/injector-test/pg-deployment.yaml
+  kubectl create -f ./test/acceptance/injector-test/pg-deployment.yaml
  sleep 5
  wait_for_ready $(kubectl get pod -l app=postgres -o jsonpath="{.items[0].metadata.name}")
  kubectl create secret generic test \
-    --from-file ../../test/acceptance/injector-test/pgdump-policy.hcl \
+    --from-file ./test/acceptance/injector-test/pgdump-policy.hcl \
-    --from-file ../../test/acceptance/injector-test/bootstrap.sh
+    --from-file ./test/acceptance/injector-test/bootstrap.sh 
-  kubectl label secret test app=openbao-agent-demo
+  kubectl label secret test app=vault-agent-demo
  helm install "$(name_prefix)" \
    --set="server.extraVolumes[0].type=secret" \
@ -26,20 +26,20 @@ load _helpers
  wait_for_ready $(kubectl get pod -l component=webhook -o jsonpath="{.items[0].metadata.name}")
-  kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /openbao/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
+  kubectl exec -ti "$(name_prefix)-0" -- /bin/sh -c "cp /vault/userconfig/test/bootstrap.sh /tmp/bootstrap.sh && chmod +x /tmp/bootstrap.sh && /tmp/bootstrap.sh"
  sleep 5
    # Sealed, not initialized
-  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
-  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ] 
-  kubectl create -f ../../test/acceptance/injector-test/job.yaml
+  kubectl create -f ./test/acceptance/injector-test/job.yaml
  wait_for_complete_job "pgdump"
 }
@ -48,7 +48,7 @@ teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      echo "helm/pvc teardown"
-      helm delete openbao
+      helm delete vault
      kubectl delete --all pvc
      kubectl delete secret test 
      kubectl delete job pgdump
--- a/test/acceptance/server-annotations.bats
+++ b/test/acceptance/server-annotations.bats
@ -8,7 +8,7 @@ load _helpers
  kubectl create namespace acceptance
  kubectl config set-context --current --namespace=acceptance
-  helm install "$(name_prefix)" -f ../../test/acceptance/server-test/annotations-overrides.yaml .
+  helm install "$(name_prefix)" -f ./test/acceptance/server-test/annotations-overrides.yaml .
  wait_for_running $(name_prefix)-0
  # service annotations
--- a/test/acceptance/server-dev.bats
+++ b/test/acceptance/server-dev.bats
@ -43,11 +43,11 @@ load _helpers
  [ "${ports}" == "8201" ]
  # Sealed, not initialized
-  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
-  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
 }
@ -57,7 +57,7 @@ teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      echo "helm/pvc teardown"
-      helm delete openbao
+      helm delete vault
      kubectl delete --all pvc
      kubectl delete namespace acceptance --ignore-not-found=true
  fi
--- a/test/acceptance/server-ha-enterprise-dr.bats
+++ b/test/acceptance/server-ha-enterprise-dr.bats
@ -0,0 +1,166 @@
 #!/usr/bin/env bats
 load _helpers
@test "server/ha-enterprise-raft: testing DR deployment" {
  cd `chart_dir`
  helm install "$(name_prefix)-east" \
    --set='server.image.repository=hashicorp/vault-enterprise' \
    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='injector.enabled=false' \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
    --set='server.enterpriseLicense.secretName=vault-license' .
  wait_for_running "$(name_prefix)-east-0"
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-east-0
  local init_status=$(kubectl exec "$(name_prefix)-east-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]
  # Vault Init
  local init=$(kubectl exec -ti "$(name_prefix)-east-0" -- \
    vault operator init -format=json -n 1 -t 1)
  local primary_token=$(echo ${init} | jq -r '.unseal_keys_b64[0]')
  [ "${primary_token}" != "" ]
  local primary_root=$(echo ${init} | jq -r '.root_token')
  [ "${primary_root}" != "" ]
  kubectl exec -ti "$(name_prefix)-east-0" -- vault operator unseal ${primary_token}
  wait_for_ready "$(name_prefix)-east-0"
  sleep 10
  # Vault Unseal
  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      if [[ ${pod?} != "$(name_prefix)-east-0" ]]
      then
          kubectl exec -ti ${pod} -- vault operator raft join http://$(name_prefix)-east-0.$(name_prefix)-east-internal:8200
          kubectl exec -ti ${pod} -- vault operator unseal ${primary_token}
          wait_for_ready "${pod}"
      fi
  done
  # Unsealed, initialized
  local sealed_status=$(kubectl exec "$(name_prefix)-east-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
  local init_status=$(kubectl exec "$(name_prefix)-east-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
  kubectl exec "$(name_prefix)-east-0" -- vault login ${primary_root}
  local raft_status=$(kubectl exec "$(name_prefix)-east-0" -- vault operator raft list-peers -format=json |
    jq -r '.data.config.servers | length')
  [ "${raft_status}" == "3" ]
  kubectl exec -ti $(name_prefix)-east-0 -- vault write -f sys/replication/dr/primary/enable primary_cluster_addr=https://$(name_prefix)-east-active:8201
  local secondary=$(kubectl exec -ti "$(name_prefix)-east-0" -- vault write sys/replication/dr/primary/secondary-token id=secondary -format=json)
  [ "${secondary}" != "" ]
  local secondary_replica_token=$(echo ${secondary} | jq -r '.wrap_info.token')
  [ "${secondary_replica_token}" != "" ]
  # Install vault-west
  helm install "$(name_prefix)-west" \
    --set='injector.enabled=false' \
    --set='server.image.repository=hashicorp/vault-enterprise' \
    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
    --set='server.enterpriseLicense.secretName=vault-license' .
  wait_for_running "$(name_prefix)-west-0"
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-west-0
  local init_status=$(kubectl exec "$(name_prefix)-west-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]
  # Vault Init
  local init=$(kubectl exec -ti "$(name_prefix)-west-0" -- \
    vault operator init -format=json -n 1 -t 1)
  local secondary_token=$(echo ${init} | jq -r '.unseal_keys_b64[0]')
  [ "${secondary_token}" != "" ]
  local secondary_root=$(echo ${init} | jq -r '.root_token')
  [ "${secondary_root}" != "" ]
  kubectl exec -ti "$(name_prefix)-west-0" -- vault operator unseal ${secondary_token}
  wait_for_ready "$(name_prefix)-west-0"
  sleep 10
  # Vault Unseal
  local pods=($(kubectl get pods --selector='app.kubernetes.io/instance=vault-west' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      if [[ ${pod?} != "$(name_prefix)-west-0" ]]
      then
          kubectl exec -ti ${pod} -- vault operator raft join http://$(name_prefix)-west-0.$(name_prefix)-west-internal:8200
          kubectl exec -ti ${pod} -- vault operator unseal ${secondary_token}
          wait_for_ready "${pod}"
      fi
  done
  # Unsealed, initialized
  local sealed_status=$(kubectl exec "$(name_prefix)-west-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
  local init_status=$(kubectl exec "$(name_prefix)-west-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
  kubectl exec "$(name_prefix)-west-0" -- vault login ${secondary_root}
  local raft_status=$(kubectl exec "$(name_prefix)-west-0" -- vault operator raft list-peers -format=json |
    jq -r '.data.config.servers | length')
  [ "${raft_status}" == "3" ]
  kubectl exec -ti "$(name_prefix)-west-0" -- vault write sys/replication/dr/secondary/enable token=${secondary_replica_token}
  sleep 10
  local pods=($(kubectl get pods --selector='app.kubernetes.io/instance=vault-west' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      if [[ ${pod?} != "$(name_prefix)-west-0" ]]
      then
          kubectl delete pod "${pod?}"
          wait_for_running "${pod?}"
          kubectl exec -ti ${pod} -- vault operator unseal ${primary_token}
          wait_for_ready "${pod}"
      fi
  done
 }
 setup() {
  kubectl delete namespace acceptance --ignore-not-found=true
  kubectl create namespace acceptance
  kubectl config set-context --current --namespace=acceptance
  kubectl create secret generic vault-license --from-literal license=$VAULT_LICENSE_CI
 }
 #cleanup
 teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
 	  helm delete vault-east
 	  helm delete vault-west
 	  kubectl delete --all pvc
 	  kubectl delete namespace acceptance --ignore-not-found=true
  fi
 }
--- a/test/acceptance/server-ha-enterprise-perf.bats
+++ b/test/acceptance/server-ha-enterprise-perf.bats
@ -0,0 +1,164 @@
 #!/usr/bin/env bats
 load _helpers
@test "server/ha-enterprise-raft: testing performance replica deployment" {
  cd `chart_dir`
  helm install "$(name_prefix)-east" \
    --set='injector.enabled=false' \
    --set='server.image.repository=hashicorp/vault-enterprise' \
    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
    --set='server.enterpriseLicense.secretName=vault-license' .
  wait_for_running "$(name_prefix)-east-0"
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-east-0
  local init_status=$(kubectl exec "$(name_prefix)-east-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]
  # Vault Init
  local init=$(kubectl exec -ti "$(name_prefix)-east-0" -- \
    vault operator init -format=json -n 1 -t 1)
  local primary_token=$(echo ${init} | jq -r '.unseal_keys_b64[0]')
  [ "${primary_token}" != "" ]
  local primary_root=$(echo ${init} | jq -r '.root_token')
  [ "${primary_root}" != "" ]
  kubectl exec -ti "$(name_prefix)-east-0" -- vault operator unseal ${primary_token}
  wait_for_ready "$(name_prefix)-east-0"
  sleep 30
  # Vault Unseal
  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      if [[ ${pod?} != "$(name_prefix)-east-0" ]]
      then
          kubectl exec -ti ${pod} -- vault operator raft join http://$(name_prefix)-east-0.$(name_prefix)-east-internal:8200
          kubectl exec -ti ${pod} -- vault operator unseal ${primary_token}
          wait_for_ready "${pod}"
      fi
  done
  # Unsealed, initialized
  local sealed_status=$(kubectl exec "$(name_prefix)-east-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
  local init_status=$(kubectl exec "$(name_prefix)-east-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
  kubectl exec "$(name_prefix)-east-0" -- vault login ${primary_root}
  local raft_status=$(kubectl exec "$(name_prefix)-east-0" -- vault operator raft list-peers -format=json |
    jq -r '.data.config.servers | length')
  [ "${raft_status}" == "3" ]
  kubectl exec -ti $(name_prefix)-east-0 -- vault write -f sys/replication/performance/primary/enable primary_cluster_addr=https://$(name_prefix)-east-active:8201
  local secondary=$(kubectl exec -ti "$(name_prefix)-east-0" -- vault write sys/replication/performance/primary/secondary-token id=secondary -format=json)
  [ "${secondary}" != "" ]
  local secondary_replica_token=$(echo ${secondary} | jq -r '.wrap_info.token')
  [ "${secondary_replica_token}" != "" ]
  # Install vault-west
  helm install "$(name_prefix)-west" \
    --set='injector.enabled=false' \
    --set='server.image.repository=hashicorp/vault-enterprise' \
    --set="server.image.tag=$(yq -r '.server.image.tag' values.yaml)-ent" \
    --set='server.ha.enabled=true' \
    --set='server.ha.raft.enabled=true' \
    --set='server.enterpriseLicense.secretName=vault-license' .
  wait_for_running "$(name_prefix)-west-0"
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-west-0
  local init_status=$(kubectl exec "$(name_prefix)-west-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]
  # Vault Init
  local init=$(kubectl exec -ti "$(name_prefix)-west-0" -- \
    vault operator init -format=json -n 1 -t 1)
  local secondary_token=$(echo ${init} | jq -r '.unseal_keys_b64[0]')
  [ "${secondary_token}" != "" ]
  local secondary_root=$(echo ${init} | jq -r '.root_token')
  [ "${secondary_root}" != "" ]
  kubectl exec -ti "$(name_prefix)-west-0" -- vault operator unseal ${secondary_token}
  wait_for_ready "$(name_prefix)-west-0"
  sleep 30
  # Vault Unseal
  local pods=($(kubectl get pods --selector='app.kubernetes.io/instance=vault-west' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      if [[ ${pod?} != "$(name_prefix)-west-0" ]]
      then
          kubectl exec -ti ${pod} -- vault operator raft join http://$(name_prefix)-west-0.$(name_prefix)-west-internal:8200
          kubectl exec -ti ${pod} -- vault operator unseal ${secondary_token}
          wait_for_ready "${pod}"
      fi
  done
  # Unsealed, initialized
  local sealed_status=$(kubectl exec "$(name_prefix)-west-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
  local init_status=$(kubectl exec "$(name_prefix)-west-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
  kubectl exec "$(name_prefix)-west-0" -- vault login ${secondary_root}
  local raft_status=$(kubectl exec "$(name_prefix)-west-0" -- vault operator raft list-peers -format=json |
    jq -r '.data.config.servers | length')
  [ "${raft_status}" == "3" ]
  kubectl exec -ti "$(name_prefix)-west-0" -- vault write sys/replication/performance/secondary/enable token=${secondary_replica_token}
  sleep 30
  local pods=($(kubectl get pods --selector='app.kubernetes.io/instance=vault-west' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      if [[ ${pod?} != "$(name_prefix)-west-0" ]]
      then
          kubectl exec -ti ${pod} -- vault operator unseal ${primary_token}
          wait_for_ready "${pod}"
      fi
  done
 }
 setup() {
  kubectl delete namespace acceptance --ignore-not-found=true
  kubectl create namespace acceptance
  kubectl config set-context --current --namespace=acceptance
  kubectl create secret generic vault-license --from-literal license=$VAULT_LICENSE_CI
 }
 #cleanup
 teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      helm delete vault-east
      helm delete vault-west
      kubectl delete --all pvc
      kubectl delete namespace acceptance --ignore-not-found=true
  fi
 }
--- a/test/acceptance/server-ha-raft.bats
+++ b/test/acceptance/server-ha-raft.bats
@ -13,7 +13,7 @@ load _helpers
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-0
-  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]
@ -57,9 +57,9 @@ load _helpers
    jq -r '.spec.ports[1].port')
  [ "${ports}" == "8201" ]
-  # OpenBao Init
+  # Vault Init
  local init=$(kubectl exec -ti "$(name_prefix)-0" -- \
-    bao operator init -format=json -n 1 -t 1)
+    vault operator init -format=json -n 1 -t 1)
  local token=$(echo ${init} | jq -r '.unseal_keys_b64[0]')
  [ "${token}" != "" ]
@ -67,35 +67,35 @@ load _helpers
  local root=$(echo ${init} | jq -r '.root_token')
  [ "${root}" != "" ]
-  kubectl exec -ti openbao-0 -- bao operator unseal ${token}
+  kubectl exec -ti vault-0 -- vault operator unseal ${token}
  wait_for_ready "$(name_prefix)-0"
  sleep 5
-  # OpenBao Unseal
+  # Vault Unseal
-  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=openbao' -o json | jq -r '.items[].metadata.name'))
+  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      if [[ ${pod?} != "$(name_prefix)-0" ]]
      then
-          kubectl exec -ti ${pod} -- bao operator raft join http://$(name_prefix)-0.$(name_prefix)-internal:8200
+          kubectl exec -ti ${pod} -- vault operator raft join http://$(name_prefix)-0.$(name_prefix)-internal:8200
-          kubectl exec -ti ${pod} -- bao operator unseal ${token}
+          kubectl exec -ti ${pod} -- vault operator unseal ${token}
          wait_for_ready "${pod}"
      fi
  done
  # Sealed, not initialized
-  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
-  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
-  kubectl exec "$(name_prefix)-0" -- bao login ${root}
+  kubectl exec "$(name_prefix)-0" -- vault login ${root}
-  local raft_status=$(kubectl exec "$(name_prefix)-0" -- bao operator raft list-peers -format=json |
+  local raft_status=$(kubectl exec "$(name_prefix)-0" -- vault operator raft list-peers -format=json | 
    jq -r '.data.config.servers | length')
  [ "${raft_status}" == "3" ]
 }
@ -112,9 +112,9 @@ teardown() {
  then
      # If the test failed, print some debug output
      if [[ "$BATS_ERROR_STATUS" -ne 0 ]]; then
-          kubectl logs -l app.kubernetes.io/name=openbao
+          kubectl logs -l app.kubernetes.io/name=vault
      fi
-      helm delete openbao
+      helm delete vault
      kubectl delete --all pvc
      kubectl delete namespace acceptance --ignore-not-found=true
  fi
--- a/test/acceptance/server-ha.bats
+++ b/test/acceptance/server-ha.bats
@ -0,0 +1,121 @@
 #!/usr/bin/env bats
 load _helpers
@test "server/ha: testing deployment" {
  cd `chart_dir`
  helm install "$(name_prefix)" \
    --set='server.ha.enabled=true' .
  wait_for_running $(name_prefix)-0
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-0
  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]
  # Replicas
  local replicas=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.replicas')
  [ "${replicas}" == "3" ]
  # Volume Mounts
  local volumeCount=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.containers[0].volumeMounts | length')
  [ "${volumeCount}" == "2" ]
  # Volumes
  local volumeCount=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.volumes | length')
  [ "${volumeCount}" == "2" ]
  local volume=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.volumes[0].configMap.name')
  [ "${volume}" == "$(name_prefix)-config" ]
  # Service
  local service=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.clusterIP')
  [ "${service}" != "None" ]
  local service=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.type')
  [ "${service}" == "ClusterIP" ]
  local ports=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.ports | length')
  [ "${ports}" == "2" ]
  local ports=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.ports[0].port')
  [ "${ports}" == "8200" ]
  local ports=$(kubectl get service "$(name_prefix)" --output json |
    jq -r '.spec.ports[1].port')
  [ "${ports}" == "8201" ]
  # Vault Init
  local token=$(kubectl exec -ti "$(name_prefix)-0" -- \
    vault operator init -format=json -n 1 -t 1 | \
    jq -r '.unseal_keys_b64[0]')
  [ "${token}" != "" ]
  # Vault Unseal
  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
      kubectl exec -ti ${pod} -- vault operator unseal ${token}
  done
  wait_for_ready "$(name_prefix)-0"
  # Sealed, not initialized
  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
 }
 # setup a consul env
 setup() {
  kubectl delete namespace acceptance --ignore-not-found=true
  kubectl create namespace acceptance
  kubectl config set-context --current --namespace=acceptance
  helm repo add hashicorp https://helm.releases.hashicorp.com
  helm repo update
  CONSUL_HELM_VERSION=v0.48.0
  K8S_MAJOR=$(kubectl version --output=json | jq -r .serverVersion.major)
  K8S_MINOR=$(kubectl version --output=json | jq -r .serverVersion.minor)
  if [ \( $K8S_MAJOR -eq 1 \) -a \( $K8S_MINOR -le 20 \) ]; then
    CONSUL_HELM_VERSION=v0.32.1
  fi
  helm install consul hashicorp/consul \
    --version $CONSUL_HELM_VERSION \
    --set 'ui.enabled=false'
  wait_for_running_consul
 }
 #cleanup
 teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      # If the test failed, print some debug output
      if [[ "$BATS_ERROR_STATUS" -ne 0 ]]; then
          kubectl logs -l app=consul
          kubectl logs -l app.kubernetes.io/name=vault
      fi
      helm delete vault
      helm delete consul
      kubectl delete --all pvc
      kubectl delete namespace acceptance --ignore-not-found=true
  fi
 }
--- a/test/acceptance/server-telemetry.bats
+++ b/test/acceptance/server-telemetry.bats
@ -19,7 +19,7 @@ load _helpers
  helm install \
    --wait \
-    --values ../../test/acceptance/server-test/telemetry.yaml \
+    --values ./test/acceptance/server-test/telemetry.yaml \
    "$(name_prefix)" .
  wait_for_running $(name_prefix)-0
@ -27,31 +27,31 @@ load _helpers
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-0
-  # OpenBao Init
+  # Vault Init
  local token=$(kubectl exec -ti "$(name_prefix)-0" -- \
-    bao operator init -format=json -n 1 -t 1 | \
+    vault operator init -format=json -n 1 -t 1 | \
    jq -r '.unseal_keys_b64[0]')
  [ "${token}" != "" ]
-  # OpenBao Unseal
+  # Vault Unseal
-  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=openbao' -o json | jq -r '.items[].metadata.name'))
+  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
-      kubectl exec -ti ${pod} -- bao operator unseal ${token}
+      kubectl exec -ti ${pod} -- vault operator unseal ${token}
  done
  wait_for_ready "$(name_prefix)-0"
  # Unsealed, initialized
-  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
-  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
-  # unfortunately it can take up to 2 minutes for the openbao prometheus job to appear
+  # unfortunately it can take up to 2 minutes for the vault prometheus job to appear
  # TODO: investigate how reduce this.
  local job_labels
  local tries=0
@ -62,7 +62,7 @@ load _helpers
        -- wget -q -O - http://127.0.0.1:9090/api/v1/label/job/values) | tee /dev/stderr )
      # Ensure the expected job label was picked up by Prometheus
-      [ "$(echo "${job_labels}" | jq 'any(.data[]; . == "openbao-internal")')" = "true" ] && break
+      [ "$(echo "${job_labels}" | jq 'any(.data[]; . == "vault-internal")')" = "true" ] && break
      ((++tries))
      sleep .5
@ -72,7 +72,7 @@ load _helpers
  # Ensure the expected job is "up"
  local job_up=$( ( kubectl exec -n acceptance svc/prometheus-kube-prometheus-prometheus \
    -c prometheus \
-    -- wget -q -O - 'http://127.0.0.1:9090/api/v1/query?query=up{job="openbao-internal"}' ) | \
+    -- wget -q -O - 'http://127.0.0.1:9090/api/v1/query?query=up{job="vault-internal"}' ) | \
    tee /dev/stderr )
  [ "$(echo "${job_up}" | jq '.data.result[0].value[1]')" = \"1\" ]
 }
--- a/test/acceptance/server-test/telemetry.yaml
+++ b/test/acceptance/server-test/telemetry.yaml
@ -17,7 +17,7 @@ server:
      }
      storage "file" {
-        path = "/openbao/data"
+        path = "/vault/data"
      }
      telemetry {
--- a/test/acceptance/server.bats
+++ b/test/acceptance/server.bats
@ -15,7 +15,7 @@ load _helpers
  # Sealed, not initialized
  wait_for_sealed_vault $(name_prefix)-0
-  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "false" ]
@ -40,7 +40,7 @@ load _helpers
  local mountPath=$(kubectl get statefulset "$(name_prefix)" --output json |
    jq -r '.spec.template.spec.containers[0].volumeMounts[0].mountPath')
-  [ "${mountPath}" == "/openbao/data" ]
+  [ "${mountPath}" == "/vault/data" ]
  # Volumes
  local volumeCount=$(kubectl get statefulset "$(name_prefix)" --output json |
@ -72,27 +72,27 @@ load _helpers
    jq -r '.spec.ports[1].port')
  [ "${ports}" == "8201" ]
-  # OpenBao Init
+  # Vault Init
  local token=$(kubectl exec -ti "$(name_prefix)-0" -- \
-    bao operator init -format=json -n 1 -t 1 | \
+    vault operator init -format=json -n 1 -t 1 | \
    jq -r '.unseal_keys_b64[0]')
  [ "${token}" != "" ]
-  # OpenBao Unseal
+  # Vault Unseal
-  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=openbao' -o json | jq -r '.items[].metadata.name'))
+  local pods=($(kubectl get pods --selector='app.kubernetes.io/name=vault' -o json | jq -r '.items[].metadata.name'))
  for pod in "${pods[@]}"
  do
-      kubectl exec -ti ${pod} -- bao operator unseal ${token}
+      kubectl exec -ti ${pod} -- vault operator unseal ${token}
  done
  wait_for_ready "$(name_prefix)-0"
  # Unsealed, initialized
-  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local sealed_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.sealed' )
  [ "${sealed_status}" == "false" ]
-  local init_status=$(kubectl exec "$(name_prefix)-0" -- bao status -format=json |
+  local init_status=$(kubectl exec "$(name_prefix)-0" -- vault status -format=json |
    jq -r '.initialized')
  [ "${init_status}" == "true" ]
 }
@ -102,7 +102,7 @@ teardown() {
  if [[ ${CLEANUP:-true} == "true" ]]
  then
      echo "helm/pvc teardown"
-      helm delete openbao
+      helm delete vault
      kubectl delete --all pvc
      kubectl delete namespace acceptance --ignore-not-found=true
  fi
--- a/test/chart/_helpers.bash
+++ b/test/chart/_helpers.bash
@ -3,7 +3,7 @@
 # chart_dir returns the directory for the chart
 chart_dir() {
-    echo ${BATS_TEST_DIRNAME}/../../charts/openbao
+    echo ${BATS_TEST_DIRNAME}/../..
 }
 # check_result checks if the specified test passed
--- a/test/chart/verifier.bats
+++ b/test/chart/verifier.bats
@ -5,8 +5,8 @@ load _helpers
 setup_file() {
    cd `chart_dir`
    export VERIFY_OUTPUT="/$BATS_RUN_TMPDIR/verify.json"
-    export CHART_VOLUME=openbao-helm-chart-src
+    export CHART_VOLUME=vault-helm-chart-src
-    local IMAGE="quay.io/redhat-certification/chart-verifier:1.13.7"
+    local IMAGE="quay.io/redhat-certification/chart-verifier:1.10.1"
    # chart-verifier requires an openshift version if a cluster isn't available
    local OPENSHIFT_VERSION="4.12"
    local DISABLED_TESTS="chart-testing"
--- a/test/docker/Test.dockerfile
+++ b/test/docker/Test.dockerfile
@ -28,11 +28,7 @@ RUN apk update && apk add --no-cache --virtual .build-deps \
    jq
 # yq
-RUN python3 -m venv venv && \
+RUN pip install yq
    . venv/bin/activate && \
    pip install yq && \
    ln -s $PWD/venv/bin/yq /usr/local/bin/yq && \
    deactivate
 # gcloud
 RUN curl -OL https://dl.google.com/dl/cloudsdk/channels/rapid/install_google_cloud_sdk.bash && \
--- a/test/terraform/main.tf
+++ b/test/terraform/main.tf
@ -19,7 +19,7 @@ data "google_service_account" "gcpapi" {
 }
 resource "google_container_cluster" "cluster" {
-  name               = "openbao-helm-dev-${random_id.suffix.dec}"
+  name               = "vault-helm-dev-${random_id.suffix.dec}"
  project            = "${var.project}"
  enable_legacy_abac = true
  initial_node_count = 3
--- a/test/terraform/variables.tf
+++ b/test/terraform/variables.tf
@ -2,7 +2,7 @@
 # SPDX-License-Identifier: MPL-2.0
 variable "project" {
-  default = "openbao-helm-dev-246514"
+  default = "vault-helm-dev-246514"
  description = <<EOF
 Google Cloud Project to launch resources in. This project must have GKE
--- a/test/unit/_helpers.bash
+++ b/test/unit/_helpers.bash
@ -3,5 +3,5 @@
 # chart_dir returns the directory for the chart
 chart_dir() {
-    echo ${BATS_TEST_DIRNAME}/../../charts/openbao
+    echo ${BATS_TEST_DIRNAME}/../..
 }
--- a/test/unit/csi-agent-configmap.bats
+++ b/test/unit/csi-agent-configmap.bats
@ -18,7 +18,7 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.metadata.name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider-agent-config" ]
+  [ "${actual}" = "release-name-vault-csi-provider-agent-config" ]
 }
@test "csi/Agent-ConfigMap: namespace" {
@ -40,25 +40,25 @@ load _helpers
  [ "${actual}" = "bar" ]
 }
-@test "csi/Agent-ConfigMap: OpenBao addr not affected by injector setting" {
+@test "csi/Agent-ConfigMap: Vault addr not affected by injector setting" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/csi-agent-configmap.yaml \
      --set "csi.enabled=true" \
      --release-name not-external-test \
-      --set 'injector.externalVaultAddr=http://openbao-outside' \
+      --set 'injector.externalVaultAddr=http://vault-outside' \
      . | tee /dev/stderr |
      yq -r '.data["config.hcl"]' | tee /dev/stderr)
-  echo "${actual}" | grep "http://not-external-test-openbao.default.svc:8200"
+  echo "${actual}" | grep "http://not-external-test-vault.default.svc:8200"
 }
-@test "csi/Agent-ConfigMap: OpenBao addr correctly set for externalVaultAddr" {
+@test "csi/Agent-ConfigMap: Vault addr correctly set for externalVaultAddr" {
  cd `chart_dir`
  local actual=$(helm template \
      --show-only templates/csi-agent-configmap.yaml \
      --set "csi.enabled=true" \
-      --set 'global.externalVaultAddr=http://openbao-outside' \
+      --set 'global.externalVaultAddr=http://vault-outside' \
      . | tee /dev/stderr |
      yq -r '.data["config.hcl"]' | tee /dev/stderr)
-  echo "${actual}" | grep "http://openbao-outside"
+  echo "${actual}" | grep "http://vault-outside"
 }
--- a/test/unit/csi-clusterrole.bats
+++ b/test/unit/csi-clusterrole.bats
@ -29,5 +29,5 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.metadata.name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider-clusterrole" ]
+  [ "${actual}" = "release-name-vault-csi-provider-clusterrole" ]
 }
--- a/test/unit/csi-clusterrolebinding.bats
+++ b/test/unit/csi-clusterrolebinding.bats
@ -29,7 +29,7 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.roleRef.name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider-clusterrole" ]
+  [ "${actual}" = "release-name-vault-csi-provider-clusterrole" ]
 }
 # ClusterRoleBinding service account name
@ -40,7 +40,7 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.subjects[0].name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider" ]
+  [ "${actual}" = "release-name-vault-csi-provider" ]
 }
 # ClusterRoleBinding service account namespace
--- a/test/unit/csi-daemonset.bats
+++ b/test/unit/csi-daemonset.bats
@ -81,7 +81,7 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.serviceAccountName' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider" ]
+  [ "${actual}" = "release-name-vault-csi-provider" ]
 }
 # Image
@ -101,13 +101,13 @@ load _helpers
  local actual=$(echo $object |
      yq -r '.[0].image' | tee /dev/stderr)
-  [ "${actual}" = "docker.io/Image1:0.0.1" ]
+  [ "${actual}" = "Image1:0.0.1" ]
  local actual=$(echo $object |
      yq -r '.[0].imagePullPolicy' | tee /dev/stderr)
  [ "${actual}" = "PullPolicy1" ]
  local actual=$(echo $object |
      yq -r '.[1].image' | tee /dev/stderr)
-  [ "${actual}" = "quay.io/Image2:0.0.2" ]
+  [ "${actual}" = "Image2:0.0.2" ]
  local actual=$(echo $object |
      yq -r '.[1].imagePullPolicy' | tee /dev/stderr)
  [ "${actual}" = "PullPolicy2" ]
@ -196,7 +196,7 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.containers[0].args[2]' | tee /dev/stderr)
-  [ "${actual}" = "--hmac-secret-name=openbao-csi-provider-hmac-key" ]
+  [ "${actual}" = "--hmac-secret-name=vault-csi-provider-hmac-key" ]
  local actual=$(helm template \
      --show-only templates/csi-daemonset.yaml \
@ -666,7 +666,7 @@ load _helpers
  local object=$(helm template \
      --show-only templates/csi-daemonset.yaml \
      --set 'csi.enabled=true' \
-      --set 'global.externalVaultAddr=http://openbao-outside' \
+      --set 'global.externalVaultAddr=http://vault-outside' \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
@ -682,13 +682,13 @@ load _helpers
      --set 'csi.enabled=true' \
      --set 'csi.agent.enabled=false' \
      --release-name not-external-test \
-      --set 'injector.externalVaultAddr=http://openbao-outside' \
+      --set 'injector.externalVaultAddr=http://vault-outside' \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
  local value=$(echo $object |
      yq -r 'map(select(.name=="VAULT_ADDR")) | .[] .value' | tee /dev/stderr)
-  [ "${value}" = "http://not-external-test-openbao.default.svc:8200" ]
+  [ "${value}" = "http://not-external-test-vault.default.svc:8200" ]
 }
@test "csi/daemonset: with global.externalVaultAddr" {
@ -697,13 +697,13 @@ load _helpers
      --show-only templates/csi-daemonset.yaml \
      --set 'csi.enabled=true' \
      --set 'csi.agent.enabled=false' \
-      --set 'global.externalVaultAddr=http://openbao-outside' \
+      --set 'global.externalVaultAddr=http://vault-outside' \
      . | tee /dev/stderr |
      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
  local value=$(echo $object |
      yq -r 'map(select(.name=="VAULT_ADDR")) | .[] .value' | tee /dev/stderr)
-  [ "${value}" = "http://openbao-outside" ]
+  [ "${value}" = "http://vault-outside" ]
 }
 #--------------------------------------------------------------------
@ -796,7 +796,7 @@ load _helpers
      yq -r '.spec.template.spec.containers[1].env' | tee /dev/stderr)
  local value=$(echo $object |
-      yq -r 'map(select(.name=="BAO_LOG_LEVEL")) | .[] .value' | tee /dev/stderr)
+      yq -r 'map(select(.name=="VAULT_LOG_LEVEL")) | .[] .value' | tee /dev/stderr)
  [ "${value}" = "error" ]
 }
@ -810,7 +810,7 @@ load _helpers
      yq -r '.spec.template.spec.containers[1].env' | tee /dev/stderr)
  local value=$(echo $object |
-      yq -r 'map(select(.name=="BAO_LOG_FORMAT")) | .[] .value' | tee /dev/stderr)
+      yq -r 'map(select(.name=="VAULT_LOG_FORMAT")) | .[] .value' | tee /dev/stderr)
  [ "${value}" = "json" ]
 }
--- a/test/unit/csi-role.bats
+++ b/test/unit/csi-role.bats
@ -18,13 +18,13 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.metadata.name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider-role" ]
+  [ "${actual}" = "release-name-vault-csi-provider-role" ]
  local actual=$(helm template \
      --show-only templates/csi-role.yaml \
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.rules[0].resourceNames[0]' | tee /dev/stderr)
-  [ "${actual}" = "openbao-csi-provider-hmac-key" ]
+  [ "${actual}" = "vault-csi-provider-hmac-key" ]
 }
@test "csi/Role: namespace" {
--- a/test/unit/csi-rolebinding.bats
+++ b/test/unit/csi-rolebinding.bats
@ -18,7 +18,7 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.metadata.name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider-rolebinding" ]
+  [ "${actual}" = "release-name-vault-csi-provider-rolebinding" ]
 }
@test "csi/RoleBinding: namespace" {
--- a/test/unit/csi-serviceaccount.bats
+++ b/test/unit/csi-serviceaccount.bats
@ -29,7 +29,7 @@ load _helpers
      --set "csi.enabled=true" \
      . | tee /dev/stderr |
      yq -r '.metadata.name' | tee /dev/stderr)
-  [ "${actual}" = "release-name-openbao-csi-provider" ]
+  [ "${actual}" = "release-name-vault-csi-provider" ]
 }
 # serviceAccountNamespace namespace
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Kyle Schochenmaier	8f8d31e23c	update changelog	2023-10-30 14:04:35 -05:00
Kyle Schochenmaier	0649ecb27b	Prepare for release 0.26.1	2023-10-30 13:12:24 -05:00