diff --git a/ansible.cfg b/ansible.cfg
index 8c3cf84..5b2172a 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -22,3 +22,7 @@ pipelining = True
 control_path = /tmp/ansible-ssh-%%h-%%p-%%r
 # necessary for cloning private git repos
 ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o ConnectTimeout=360
+
+[hashi_vault_collection]
+auth_method = token
+url = https://vault.infra.status.im
diff --git a/ansible/group_vars/node-db.yml b/ansible/group_vars/node-db.yml
index a8c602f..a83ce45 100644
--- a/ansible/group_vars/node-db.yml
+++ b/ansible/group_vars/node-db.yml
@@ -8,12 +8,12 @@ postgres_ha_replica_enabled: false
 postgres_ha_replica_allowed_addresses: []
 postgres_ha_admin_user: 'postgres'
-postgres_ha_admin_pass: '{{lookup("bitwarden", "fleets/waku/"+stage+"/db/admin")}}'
+postgres_ha_admin_pass: '{{lookup("community.hashi_vault.hashi_vault", "secret/waku/fleets/waku/"+stage+"/db/admin:password")}}'
 postgres_ha_databases:
 - name: 'nim-waku'
 user: 'nim-waku'
- pass: '{{lookup("bitwarden", "fleets/waku/"+stage+"/db/nim-waku")}}'
+ pass: '{{lookup("community.hashi_vault.hashi_vault", "secret/waku/fleets/waku/"+stage+"/db/nim-waku:password")}}'
 postgres_ha_backup: false
diff --git a/ansible/group_vars/node.yml b/ansible/group_vars/node.yml
index 5dd559a..162426e 100644
--- a/ansible/group_vars/node.yml
+++ b/ansible/group_vars/node.yml
@@ -9,7 +9,7 @@ nim_waku_log_level: 'debug'
 nim_waku_protocols_enabled: ['relay', 'rln-relay', 'store', 'filter', 'lightpush', 'peer-exchange']
 nim_waku_disc_v5_enabled: true
 nim_waku_dns4_domain_name: '{{ dns_entry }}'
-nim_waku_node_key: '{{lookup("bitwarden", "fleets/"+env+"/"+stage+"/nodekeys", field=hostname)}}'
+nim_waku_node_key: '{{lookup("community.hashi_vault.hashi_vault", "secret/waku/fleets/"+env+"/"+stage+"/nodekeys:"+hostname)}}'
 nim_waku_cluster_id: 1
 nim_waku_relay_shard_manager: true
 
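Review bot: The new `[hashi_vault_collection]` section selects `auth_method = token` but nothing in the file says where that token comes from or how long-lived it is expected to be. With token auth the collection takes the token from the operator's environment or token file, so every playbook run reads these secrets under whatever personal token happens to be present. A comment above the section, for example `# token is read from VAULT_TOKEN or ~/.vault-token; use a short-lived token whose policy is limited to the secret/waku paths`, would document which credential this repo expects and the scope it should have.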
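Review bot: Both lookups in ansible/group_vars/node-db.yml use the `path:field` shorthand against `secret/waku/...`, which resolves a field directly only when the mount is KV version 1; the mount version cannot be seen from this diff. If the mount is KV v2, the read path needs the `data/` segment and the values sit one level deeper in the response, so `:password` would not find the field. Confirm the mount version, or use the collection's `vault_kv2_get` lookup instead. The same applies to the `nodekeys` lookup in ansible/group_vars/node.yml and to the store password lookup in that file's later hunk.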
@@ -37,7 +37,7 @@ nim_waku_p2p_max_connections: 300
 # Store
 nim_waku_store_message_db_name: 'nim-waku'
 nim_waku_store_message_db_user: 'nim-waku'
-nim_waku_store_message_db_pass: '{{lookup("bitwarden", "fleets/"+env+"/"+stage+"/db/nim-waku")}}'
+nim_waku_store_message_db_pass: '{{lookup("community.hashi_vault.hashi_vault", "secret/waku/fleets/"+env+"/"+stage+"/db:password")}}'
 nim_waku_store_message_db_url: 'postgres://{{ nim_waku_store_message_db_user}}:{{ nim_waku_store_message_db_pass}}@node-db-01.{{ ansible_domain }}.wg:5432/{{nim_waku_store_message_db_name}}'
 nim_waku_store_message_retention_policy: 'time:432000' # 5 days
 nim_waku_store_vacuum: true
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index aaec7da..682989c 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -25,7 +25,7 @@ - name: infra-role-certbot
 src: git@github.com:status-im/infra-role-certbot.git
- version: fdf310513b2dc731f30861ed8a5957b54b4422f7
+ version: 17986a809058ce17ef45300365b268f3ed33a00a
 scm: git
 - name: infra-role-nim-waku
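Review bot: `nim_waku_store_message_db_pass` in ansible/group_vars/node.yml now reads `.../db:password`, while ansible/group_vars/node-db.yml in this same commit sets the `nim-waku` database user's password from `.../db/nim-waku:password`. Before the change both sides read a `db/nim-waku` entry, the same one whenever `env` is `waku`. Unless Vault holds the same value at both paths, the nodes will be configured with a password that differs from the one set on the database server, and the store connection will fail to authenticate. If the difference is not intentional, the lookup path should be `"secret/waku/fleets/"+env+"/"+stage+"/db/nim-waku:password"`.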