diff --git a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
new file mode 100644
index 0000000..e713c85
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.PipelineSecrets.Vault.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: molgenis-pipeline-vault-secret
+ labels:
+ app: {{ template "jenkins.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
+ addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+ skipVerify: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml
index 875b9c1..f994646 100644
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@@ -368,15 +368,12 @@ jenkins:
 install: true
 Pods:
 molgenis:
- Label: molgenis
- NodeUsageMode: NORMAL
+ Label: molgenisv2
+ NodeUsageMode: EXCLUSIVE
 volumes:
 - type: HostPath
 hostPath: "/var/run/docker.sock"
 mountPath: "/var/run/docker.sock"
- - type: Secret
- secretName: molgenis-pipeline-file-secret
- mountPath: "/root/.m2"
 Containers:
 maven:
 Image: "registry.webhosting.rug.nl/molgenis/maven"
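Review bot: In the new Secret template, `skipVerify` under `data` is rendered from `.Values.PipelineSecrets.Vault.Addr`, the same value as `addr`, so `VAULT_SKIP_VERIFY` in the agent pod will hold the Vault URL instead of a boolean. The values.yaml hunk of this commit adds only `Replace`, `Token` and `Addr` under `Vault`, so there is no dedicated setting to read from. I would add `SkipVerify: "false"` to the values and render `skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | toString | b64enc | quote }}`, which keeps TLS verification on by default. If the in-cluster Vault presents a certificate from a private CA, distributing that CA to the agent is the safer route than turning verification off.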
@@ -394,6 +391,34 @@ jenkins:
 Command: cat
 WorkingDir: /home/jenkins
 TTY: true
+ vault:
+ Image: "vault"
+ Command: cat
+ WorkingDir: /home/jenkins
+ TTY: true
+ EnvVars:
+ - type: Secret
+ key: VAULT_TOKEN
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: token
+ - type: Secret
+ key: VAULT_SKIP_VERIFY
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: skipVerify
+ - type: Secret
+ key: VAULT_ADDR
+ secretName: molgenis-pipeline-vault-secret
+ secretKey: addr
+ NodeSelector: {}
+ molgenis-legacy:
+ InheritFrom: molgenis
+ Label: molgenis
+ NodeUsageMode: NORMAL
+ volumes:
+ - type: Secret
+ secretName: molgenis-pipeline-file-secret
+ mountPath: "/root/.m2"
+ Containers:
 EnvVars:
 - type: Secret
 key: PGP_PASSPHRASE
@@ -509,6 +534,10 @@ jenkins:
 memory: "512Mi"
 NodeSelector: {}
 PipelineSecrets:
+ Vault:
+ Replace: true
+ Token: xxxx
+ Addr: "https://vault-operator.vault-operator.svc:8200"
 Env:
 # Set to false to keep existing secret
 Replace: true
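Review bot: `Image: "vault"` in the new `vault` container has no tag, so the agent pulls whatever the default tag resolves to at schedule time, and this is the container meant to use `VAULT_TOKEN`; pin a version or digest, e.g. `Image: "vault:<pinned-version>"`. Indentation is lost on this page, but the added `EnvVars` list is followed by `NodeSelector: {}`, which suggests it sits at pod level rather than under the container. If that is the case, the token is exported to every container of the `molgenis` pod, which per the first values.yaml hunk also mounts `/var/run/docker.sock`. Should the chart support container-level env vars, scoping the three `VAULT_*` entries to the `vault` container would narrow the exposure.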
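Review bot: `Token: xxxx` ships a placeholder as the default next to `Replace: true`, so an install or upgrade that does not override it will presumably render `molgenis-pipeline-vault-secret` with the literal string, and the mistake only surfaces at the first Vault call. A comment above the key, such as `# Supply at deploy time (--set or an untracked values file); never commit a real token`, would document the intent. Leaving the default empty and wrapping the template lookup in `required` would make the render fail instead. The new `Vault` block also lacks the `# Set to false to keep existing secret` comment that `Env` carries on `Replace`.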