diff --git a/data/defaults.yaml b/data/defaults.yaml
--- a/data/defaults.yaml
+++ b/data/defaults.yaml
@@ -1372,6 +1372,12 @@
   args:
     url: "http://orangerie.internal.softwareheritage.org:%{hiera('swh::remote_service::vault::port')}/"
 
+# Vault backend configuration on azure
+swh::remote_service::vault::config::azure:
+  cls: remote
+  args:
+    url: "http://vangogh.euwest.azure.internal.softwareheritage.org:%{hiera('swh::remote_service::vault::port')}/"
+
 # End remote service configurations
 #####################################################################################################
 
diff --git a/data/hostname/vangogh.euwest.azure.internal.softwareheritage.org.yaml b/data/hostname/vangogh.euwest.azure.internal.softwareheritage.org.yaml
new file mode 100644
--- /dev/null
+++ b/data/hostname/vangogh.euwest.azure.internal.softwareheritage.org.yaml
@@ -0,0 +1,15 @@
+# open vault api
+swh::deploy::vault::backend::listen::host: 0.0.0.0
+
+# vault's cache backend is an azure objstorage
+swh::deploy::vault::config::cache:
+  cls: azure
+  args:
+    account_name: "%{hiera('swh::azure::credentials::vaultstorage::account')}"
+    api_secret_key: "%{hiera('swh::azure::credentials::vaultstorage::key')}"
+    container_name: contents
+
+swh::remote_service::storage::config: "%{alias('swh::remote_service::storage::config::azure')}"
+
+# No workers
+swh::deploy::worker::instances: []
diff --git a/manifests/site.pp b/manifests/site.pp
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -47,7 +47,7 @@
   include role::swh_vault_test
 }
 
-node /^(unibo-prod|orangerie).(internal.)?softwareheritage.org$/ {
+node /^(unibo-prod|orangerie|vangogh).(euwest.azure.)?(internal.)?softwareheritage.org$/ {
   include role::swh_vault
 }