diff --git a/clusters/cl01tl/platform/vault/templates/ingress.yaml b/clusters/cl01tl/platform/vault/templates/ingress.yaml
index 9e1997cd0..384cd7e83 100644
--- a/clusters/cl01tl/platform/vault/templates/ingress.yaml
+++ b/clusters/cl01tl/platform/vault/templates/ingress.yaml
@@ -1,26 +1,24 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: vault-local
+  name: vault-tailscale
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: vault-local
+    app.kubernetes.io/name: vault-tailscale
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
     app.kubernetes.io/part-of: {{ .Release.Name }}
   annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-    cert-manager.io/cluster-issuer: letsencrypt-issuer
+        tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
 spec:
-  ingressClassName: traefik
+  ingressClassName: tailscale
   tls:
     - hosts:
-        - vault.alexlebens.net
-      secretName: vault-tls-secret
+        - vault-cl01tl
+      secretName: vault-cl01tl
   rules:
-    - host: vault.alexlebens.net
+    - host: vault-cl01tl
       http:
         paths:
           - path: /
diff --git a/clusters/cl01tl/platform/vault/values.yaml b/clusters/cl01tl/platform/vault/values.yaml
index eb34baf70..4b84ede3c 100644
--- a/clusters/cl01tl/platform/vault/values.yaml
+++ b/clusters/cl01tl/platform/vault/values.yaml
@@ -23,18 +23,20 @@ vault:
     ingress:
       enabled: true
       annotations:
-        tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
-      ingressClassName: tailscale
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      ingressClassName: treafik
       pathType: Prefix
       activeService: true
       hosts:
-        - host: vault-cl01tl
+        - host: vault.alexlebens.net
           paths:
             - /
       tls:
-        - secretName: vault-cl01tl
+        - secretName: vault-tls-secret
           hosts:
-            - vault-cl01tl
+            - vault.alexlebens.net
     route:
       enabled: false
     authDelegator: