diff --git a/vault-handler/replicas-3/job.yaml b/vault-handler/base/job.yaml
similarity index 100%
rename from vault-handler/replicas-3/job.yaml
rename to vault-handler/base/job.yaml
diff --git a/vault-handler/base/kustomization.yaml b/vault-handler/base/kustomization.yaml
new file mode 100644
index 0000000..befe1df
--- /dev/null
+++ b/vault-handler/base/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: vault
+
+resources:
+ - job.yaml
+ - rbac.yaml
diff --git a/vault-handler/replicas-1/rbac.yaml b/vault-handler/base/rbac.yaml
similarity index 100%
rename from vault-handler/replicas-1/rbac.yaml
rename to vault-handler/base/rbac.yaml
diff --git a/vault-handler/replicas-1/kustomization.yaml b/vault-handler/replicas-1/kustomization.yaml
index befe1df..47844b6 100644
--- a/vault-handler/replicas-1/kustomization.yaml
+++ b/vault-handler/replicas-1/kustomization.yaml
@@ -3,5 +3,7 @@ kind: Kustomization
 namespace: vault
 
 resources:
- - job.yaml
- - rbac.yaml
+ - ../base
+
+patches:
+ - path: set_command.yaml
diff --git a/vault-handler/replicas-1/job.yaml b/vault-handler/replicas-1/set_command.yaml
similarity index 55%
rename from vault-handler/replicas-1/job.yaml
rename to vault-handler/replicas-1/set_command.yaml
index 11a3835..71b7a6e 100644
--- a/vault-handler/replicas-1/job.yaml
+++ b/vault-handler/replicas-1/set_command.yaml
@@ -6,10 +6,6 @@ metadata:
 spec:
 template:
 spec:
- serviceAccountName: vault-handler
 containers:
 - name: vault-handler
- image: ghcr.io/konstructio/vault-handler:latest
- imagePullPolicy: Always
 args: ['unseal', '--leader-only']
- restartPolicy: OnFailure
diff --git a/vault-handler/replicas-3/kustomization.yaml b/vault-handler/replicas-3/kustomization.yaml
index befe1df..47844b6 100644
--- a/vault-handler/replicas-3/kustomization.yaml
+++ b/vault-handler/replicas-3/kustomization.yaml
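Review bot: The `rbac.yaml` listed under `resources:` in `base/kustomization.yaml` is now the only definition of the vault-handler Role, and it arrives as a 100% rename, so its rules are not visible in this diff. If it matches the replicas-3 copy that this commit deletes, it grants create/patch/update/delete on every `secrets`, `configmaps` and `pods` object in the `vault` namespace and lists `apply`, which is not an RBAC verb. Both overlays now inherit this one file, so this is the place to tighten it: drop `apply`, and split the rule so the write verbs on `secrets` carry `resourceNames:` for the objects the handler is meant to manage.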
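Review bot: With `image:` and `imagePullPolicy:` removed from `replicas-1/set_command.yaml`, the image reference lives only in `base/job.yaml`, which is a 100% rename and not shown here. If it still reads `ghcr.io/konstructio/vault-handler:latest` with `imagePullPolicy: Always`, as the lines removed from this file did, each Job run pulls whatever is tagged `latest` at that moment into a pod that runs `unseal` under the vault-handler service account. The new base kustomization is a natural place to pin it, for example an `images:` entry with `name: ghcr.io/konstructio/vault-handler` and `digest: sha256:<pinned-digest>` (placeholder value).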
@@ -3,5 +3,7 @@ kind: Kustomization
 namespace: vault
 
 resources:
- - job.yaml
- - rbac.yaml
+ - ../base
+
+patches:
+ - path: set_command.yaml
diff --git a/vault-handler/replicas-3/rbac.yaml b/vault-handler/replicas-3/rbac.yaml
deleted file mode 100644
index 7ed34fe..0000000
--- a/vault-handler/replicas-3/rbac.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: vault-handler
- namespace: vault
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: vault-handler
- namespace: vault
-rules:
- - apiGroups: ['']
- resources: ['configmaps', 'secrets', 'pods']
- verbs:
- ['get', 'watch', 'list', 'create', 'apply', 'patch', 'delete', 'update']
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: vault-handler
- namespace: vault
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: vault-handler
-subjects:
- - kind: ServiceAccount
- name: vault-handler
diff --git a/vault-handler/replicas-3/set_command.yaml b/vault-handler/replicas-3/set_command.yaml
new file mode 100644
index 0000000..f45c1b9
--- /dev/null
+++ b/vault-handler/replicas-3/set_command.yaml
@@ -0,0 +1,11 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: vault-handler
+ namespace: vault
+spec:
+ template:
+ spec:
+ containers:
+ - name: vault-handler
+ args: ['unseal']
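Review bot: Neither `set_command.yaml` carries a comment saying how `args` is merged, and that matters for this patch: `containers` is matched by `name`, but `args` is a plain list, so a strategic-merge patch replaces the base value wholesale. Any flag later added to `args` in `base/job.yaml` would be silently dropped by both overlays. I would add a comment above `args:` in `replicas-3/set_command.yaml` and in `replicas-1/set_command.yaml`, e.g. `# replaces the base args list entirely; repeat any base flags here`.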