diff --git a/nomad/setup-cluster.yml b/nomad/setup-cluster.yml
index 6069168..b5d5bae 100644
--- a/nomad/setup-cluster.yml
+++ b/nomad/setup-cluster.yml
@@ -150,7 +150,9 @@
           - "-address=http://127.0.0.1:8200/"
           - "{{ item }}"
       loop: "{{ unseal_keys_hex }}"
-      when: unseal_keys_hex is defined
+      when:
+        - unseal_keys_hex is defined
+        - vault_status.json["sealed"]
 
     - name: Bootstrap Vault secrets
       delegate_to: localhost
@@ -322,6 +324,8 @@
         nomad_acl_enabled: true
 
         # Enable vault integration
+        nomad_vault_address: "http://vault.service.consul:8200"
+        nomad_vault_create_from_role: "nomad-cluster"
         nomad_vault_enabled: "{{ root_token is defined }}"
         nomad_vault_token: "{{ root_token | default('') }}"
 
@@ -387,6 +391,7 @@
       delegate_to: localhost
       run_once: true
       no_log: true
+      changed_when: false
       register: read_secretid
 
     - name: Copy policy