diff --git a/Netgrimoire/Audits/vault-2026-04-03.md b/Netgrimoire/Audits/vault-2026-04-03.md new file mode 100644 index 0000000..81af8c3 --- /dev/null +++ b/Netgrimoire/Audits/vault-2026-04-03.md 
@@ -0,0 +1,62 @@ +--- +title: Audit - vault.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:21:32.070Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:21:32.070Z +--- + +# Audit Report — vault.yaml + +**Date:** 2026-04-03 +**File:** swarm/vault.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: + - `homepage.group`: "Backup" + - `homepage.name`: "Vault" + - `homepage.icon`: "kopia.png" + - `homepage.href`: "https://vault.netgrimoire.com" + - `homepage.description`: "Snapshot backup and deduplication" + + **PASS**: All homepage labels are correctly defined. + +2. **Uptime Kuma labels**: + - `kuma.kopia.http.name`: "Kopia Web" + - `kuma.kopia.http.url`: "http://vault:51515" + + **PASS**: Uptime Kuma labels are correctly defined. + +3. **Caddy labels on exposed services**: + - `caddy: vault.netgrimoire.com` + - `caddy.reverse_proxy: "https://kopia-server-vault:51516"` + + **FAIL**: The `caddy.reverse_proxy` label is incorrectly configured. It should point to the correct service, likely "vault" instead of "kopia-server-vault". + +4. **Placement constraints**: + - `node.hostname == znas` + + **PASS**: Placement constraint correctly targets a specific node. + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/vault/config:/app/config` + - `/DockerVol/vault/cache:/app/cache` + - `/DockerVol/vault/cert:/app/cert` + - `/srv/vault/backup/repository:/vault` + - `/DockerVol/vault/logs:/app/logs` + + **FAIL**: Volume paths do not follow the `/DockerVol/` convention. The volume path for the backup repository should be `/DockerVol/vault/backup/repository`. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire`: External + + **PASS**: Network reference is correctly set to an external network. + +**VERDICT: FAIL** + +The configuration contains issues that need to be addressed for the infrastructure to meet the specified standards and function correctly. 
\ No newline at end of file
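Review bot: The item 3 finding in the added report recommends a fix it does not substantiate ("likely "vault" instead of "kopia-server-vault""), and it questions only the hostname while leaving the scheme and port difference against item 2 unexamined. Item 2 passes with `http://vault:51515`, while the Caddy upstream in item 3 is `https://kopia-server-vault:51516`, so the report should state which service name, scheme and port the stack file actually defines and grade both items against that, rather than guessing at one of them. In item 5 the FAIL text reads "Volume paths do not follow the `/DockerVol/` convention" although four of the five listed mounts do follow it; naming the single deviating mount, `/srv/vault/backup/repository:/vault`, in the finding would make it actionable. The verdict is also stated twice (header and footer), and the file ends without a trailing newline.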