diff --git a/site/profiles/manifests/vault/server.pp b/site/profiles/manifests/vault/server.pp
index 84398f4..d73a4a3 100644
--- a/site/profiles/manifests/vault/server.pp
+++ b/site/profiles/manifests/vault/server.pp
@@ -15,6 +15,7 @@ class profiles::vault::server (
   Stdlib::Absolutepath $ssl_crt     = '/etc/pki/tls/vault/certificate.crt',
   Stdlib::Absolutepath $ssl_key     = '/etc/pki/tls/vault/private.key',
   Stdlib::Absolutepath $ssl_ca      = '/etc/pki/tls/certs/ca-bundle.crt',
+  Stdlib::Absolutepath $audit_log   = '/var/log/vault_audit.log',
 ){
 
   # set a datacentre/cluster name
@@ -85,6 +86,14 @@ class profiles::vault::server (
       ]
     }
 
+    # ensure the vault audit log exists
+    file { $audit_log:
+      ensure => 'file',
+      owner  => 'vault',
+      group  => 'vault',
+      mode   => '0600',
+    }
+
     service { 'vault':
       ensure    => true,
       enable    => true,