diff --git a/ansible/tasks/setup-extensions.yml b/ansible/tasks/setup-extensions.yml
index 5e917d388..86af557f9 100644
--- a/ansible/tasks/setup-extensions.yml
+++ b/ansible/tasks/setup-extensions.yml
@@ -64,8 +64,8 @@
 - name: Install auto_explain
   import_tasks: tasks/postgres-extensions/21-auto_explain.yml
 
-# - name: Install vault
-#   import_tasks: tasks/postgres-extensions/23-vault.yml
+- name: Install vault
+  import_tasks: tasks/postgres-extensions/23-vault.yml
 
 - name: Install PGroonga
   import_tasks: tasks/postgres-extensions/24-pgroonga.yml
diff --git a/ansible/vars.yml b/ansible/vars.yml
index f4a95049a..4714ce88a 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -112,8 +112,8 @@ pg_jsonschema_release: "0.1.4"
 pg_stat_monitor_release: "1.1.1"
 pg_stat_monitor_release_checksum: sha256:1756a02d5a6dd66b892d15920257c69a17a67d48d3d4e2f189b681b83001ec2a
 
-vault_release: "0.2.8"
-vault_release_checksum: sha256:842cdee6d5b586b1baacccfaa08b45d56566987af87952a5fe5ee80b24400754
+vault_release: "0.2.9"
+vault_release_checksum: sha256:1e813216395c59bb94c92be47ce8b70ba19ccc0efbcdb1fb14ed6d34a42c6cdb
 
 groonga_release: "12.0.8"
 groonga_release_checksum: sha256:7770c0ff6804ef4b47b015b15736cd973cffced977c20991b16b2daa4fea6eeb
diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl
index 88529c294..894f69419 100644
--- a/common.vars.pkr.hcl
+++ b/common.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.1.0.46-rc0"
+postgres-version = "15.1.0.46-rc0-chore/update-vault-0.2.9"
diff --git a/ebssurrogate/files/unit-tests/unit-test-01.sql b/ebssurrogate/files/unit-tests/unit-test-01.sql
index 3b28abe4f..6ce43cbf3 100644
--- a/ebssurrogate/files/unit-tests/unit-test-01.sql
+++ b/ebssurrogate/files/unit-tests/unit-test-01.sql
@@ -11,7 +11,8 @@ SELECT extensions_are(
     'pg_graphql',
     'pgcrypto',
     'pgjwt',
-    'uuid-ossp'
+    'uuid-ossp',
+    'supabase_vault'
   ]
 );
 
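Review bot: The `- name: Install vault` import is enabled here with no visible ordering against the pgsodium task, yet supabase_vault depends on pgsodium (the migration in this same change grants the `pgsodium.crypto_aead_det_*` functions and the dumped trigger in schema.sql calls `pgsodium.crypto_aead_det_encrypt`). Confirm that the pgsodium task is imported before 23-vault.yml, or record the dependency above the task, e.g. `# supabase_vault requires pgsodium; keep this after the pgsodium task`. The vars.yml and common.vars.pkr.hcl hunks are version bumps and need nothing further.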
diff --git a/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql b/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql
index 9a863bdaf..f30fee93e 100644
--- a/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql
+++ b/migrations/db/migrations/20221207154255_create_pgsodium_and_vault.sql
@@ -10,6 +10,6 @@ grant execute on function pgsodium.crypto_aead_det_decrypt(bytea, bytea, uuid, b
 grant execute on function pgsodium.crypto_aead_det_encrypt(bytea, bytea, uuid, bytea) to service_role;
 grant execute on function pgsodium.crypto_aead_det_keygen to service_role;
 
--- create extension if not exists supabase_vault;
+create extension if not exists supabase_vault;
 
 -- migrate:down
diff --git a/migrations/schema.sql b/migrations/schema.sql
index 9d2d61205..5bb4b15b0 100644
--- a/migrations/schema.sql
+++ b/migrations/schema.sql
@@ -79,6 +79,13 @@ CREATE SCHEMA realtime;
 CREATE SCHEMA storage;
 
 
+--
+-- Name: vault; Type: SCHEMA; Schema: -; Owner: -
+--
+
+CREATE SCHEMA vault;
+
+
 --
 -- Name: pg_graphql; Type: EXTENSION; Schema: -; Owner: -
 --
@@ -135,6 +142,20 @@ CREATE EXTENSION IF NOT EXISTS pgjwt WITH SCHEMA extensions;
 COMMENT ON EXTENSION pgjwt IS 'JSON Web Token API for Postgresql';
 
 
+--
+-- Name: supabase_vault; Type: EXTENSION; Schema: -; Owner: -
+--
+
+CREATE EXTENSION IF NOT EXISTS supabase_vault WITH SCHEMA vault;
+
+
+--
+-- Name: EXTENSION supabase_vault; Type: COMMENT; Schema: -; Owner: -
+--
+
+COMMENT ON EXTENSION supabase_vault IS 'Supabase Vault Extension';
+
+
 --
 -- Name: uuid-ossp; Type: EXTENSION; Schema: -; Owner: -
 --
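Review bot: `create extension if not exists supabase_vault;` names no target schema, whereas the regenerated schema.sql in this same change records `CREATE SCHEMA vault;` followed by `CREATE EXTENSION IF NOT EXISTS supabase_vault WITH SCHEMA vault`; unless the extension's control file pins its schema (not visible here), the migration installs the objects into the first schema on the migrating role's search_path and the two files disagree. Consider `create extension if not exists supabase_vault with schema vault;` (creating the schema first if the control file does not) so the migration matches the dump. The hunk's trailing context stops at `-- migrate:down` with nothing after it, which suggests the down section is empty; if a rollback is meant to undo this step, `drop extension if exists supabase_vault;` there would mirror the up step, otherwise a comment saying the extension is intentionally left in place would make that explicit. Note also that the dumped `vault.decrypted_secrets` view returns plaintext secrets to any role granted SELECT on it while this migration grants only the pgsodium functions to service_role; confirm the extension script itself restricts access to that view, or add explicit revokes here.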
@@ -552,6 +573,28 @@ END
 $$;
 
 
+--
+-- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: -
+--
+
+CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+    BEGIN
+        new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE
+        CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode(
+            pgsodium.crypto_aead_det_encrypt(
+                pg_catalog.convert_to(new.secret, 'utf8'),
+                pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'),
+                new.key_id::uuid,
+                new.nonce
+            ),
+            'base64') END END;
+        RETURN new;
+    END;
+    $$;
+
+
 SET default_tablespace = '';
 
 SET default_table_access_method = heap;
@@ -738,6 +781,30 @@ CREATE TABLE storage.objects (
 );
 
 
+--
+-- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: -
+--
+
+CREATE VIEW vault.decrypted_secrets AS
+ SELECT secrets.id,
+    secrets.name,
+    secrets.description,
+    secrets.secret,
+    CASE
+        WHEN (secrets.secret IS NULL) THEN NULL::text
+        ELSE
+        CASE
+            WHEN (secrets.key_id IS NULL) THEN NULL::text
+            ELSE convert_from(pgsodium.crypto_aead_det_decrypt(decode(secrets.secret, 'base64'::text), convert_to(((((secrets.id)::text || secrets.description) || (secrets.created_at)::text) || (secrets.updated_at)::text), 'utf8'::name), secrets.key_id, secrets.nonce), 'utf8'::name)
+        END
+    END AS decrypted_secret,
+    secrets.key_id,
+    secrets.nonce,
+    secrets.created_at,
+    secrets.updated_at
+   FROM vault.secrets;
+
+
 --
 -- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: -
 --