diff --git a/cookbooks/vault/files/etc/logrotate.d/vault b/cookbooks/vault/files/etc/logrotate.d/vault
new file mode 100644
index 0000000..33d56df
--- /dev/null
+++ b/cookbooks/vault/files/etc/logrotate.d/vault
@@ -0,0 +1,16 @@
+/opt/vault/logs/audit.log {
+  rotate 30
+  daily
+  # Do not execute rotate if the log file is empty.
+  notifempty
+  missingok
+  compress
+  # Set compress on next rotate cycl to prevent entry loss when performing compression.
+  delaycompress
+  postrotate
+    /usr/bin/pkill -HUP vault
+  endscript
+  extension log
+  dateext
+  dateformat %Y-%m-%d.
+}
diff --git a/cookbooks/vault/setup.rb b/cookbooks/vault/setup.rb
index 2c0e2ce..6ae000d 100644
--- a/cookbooks/vault/setup.rb
+++ b/cookbooks/vault/setup.rb
@@ -20,3 +20,9 @@ end
     mode '644'
   end
 end
+
+remote_file '/etc/logrotate.d/vault' do
+  owner 'root'
+  group 'root'
+  mode '644'
+end