diff --git a/environments/common.yaml.gotmpl b/environments/common.yaml.gotmpl
index 0ac2943..345df20 100644
--- a/environments/common.yaml.gotmpl
+++ b/environments/common.yaml.gotmpl
@@ -3,9 +3,7 @@
 {{ $defaultOrchestrateChart := "consensys/orchestrate" }}
 {{ $defaultQkmChart := "consensys/quorumkeymanager" }}
 {{ $defaultOrchestrateChartVersion := "2.0.0" }}
-{{ $defaultQkmChartVersion := "1.1.5" }}
-{{ $defaultNamespace := "orchestrate" }}
-{{/* $tag := "v21.10.1-alpha.3" */}}
+{{ $defaultQkmChartVersion := "1.1.7" }}
 {{ $tag := "v21.12.1" }}
 {{ $qkmTag := "v21.12.1" }}
 
diff --git a/environments/qa.yaml b/environments/qa.yaml
index 17124c6..1d264e3 100644
--- a/environments/qa.yaml
+++ b/environments/qa.yaml
@@ -25,3 +25,14 @@ zookeeper:
       memory: "512Mi"
     limits:
       memory: "2Gi"
+
+qkm:
+  enabled: true
+  vault:
+    tls:
+      enabled: false
+    agents:
+      - name: orchestrate
+        vaultAddress: http://vault.qa:8200
+        config:
+          role: qa
diff --git a/values/orchestrate.yaml.gotmpl b/values/orchestrate.yaml.gotmpl
index f81b9f2..9e79904 100644
--- a/values/orchestrate.yaml.gotmpl
+++ b/values/orchestrate.yaml.gotmpl
@@ -60,6 +60,9 @@ api:
                 service:
                   port:
                     number: 80
+    tls:
+    - hosts:
+      - {{ .Values.orchestrate.namespace }}.orchestrate.{{ .Values.domainName }}
   {{- end }}
   environment:
     {{- range $key, $value := $kafkaEnv }}
diff --git a/values/qkm.yaml.gotmpl b/values/qkm.yaml.gotmpl
index a691e8a..1f3aa96 100644
--- a/values/qkm.yaml.gotmpl
+++ b/values/qkm.yaml.gotmpl
@@ -1,4 +1,6 @@
 
+{{ $qkmVaultTls := .Values | get "qkm.vault.tls.enabled" false }}
+
 image:
   repository: {{ .Values.qkm.image.repository }}
   pullPolicy: IfNotPresent
@@ -53,16 +55,24 @@ auth:
 
 vault:
   tls:
-    enabled: false
+    enabled: {{ $qkmVaultTls }}
   agents:
-    - name: "orchestrate"
-      vaultAddress: "http://vault.orchestrate.svc.cluster.local:8200"
+  {{- range .Values.qkm.vault.agents }}
+    - name: {{ .name }}
+      vaultAddress: {{ .vaultAddress }}
       image:
         repository: vault
         tag: 1.8.2
       config:
         wrapTTL: ""
-        role: "orchestrate"
+        role: {{ .config.role }}
+  {{- if $qkmVaultTls }}
+      ca: {{ .ca }}
+      key: {{ .key }}
+      crt: {{ .crt }}
+  {{- end }}
+      mountPath: /vault/token
+  {{- end }}
 
 serviceAccount:
   create: false