diff --git a/.gitconfig b/.gitconfig
index 764b8d5..7f3c382 100644
--- a/.gitconfig
+++ b/.gitconfig
@@ -27,6 +27,9 @@ pager = less -F -X
 repositoryformatversion = 0
 warnAmbiguousRefs = false
+[credential]
+helper = vault
+
 [diff]
 renames = true
diff --git a/bin/git-credential-vault b/bin/git-credential-vault
new file mode 100755
index 0000000..7e314bd
--- /dev/null
+++ b/bin/git-credential-vault
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+source "${HOME}/bin/script_framework.sh"
+
+function handle_get() {
+ while read line; do
+ local param=$(cut -d '=' -f 1 <<<"${line}")
+ local value=$(cut -d '=' -f 2- <<<"${line}")
+
+ [[ $param == host ]] || continue
+
+ vault read -format=json secret/git-credential/${value} 2>/dev/null | jq -r '.data | to_entries[] | [.key, .value] | join("=")' || return 1
+ info "[git-credential-vault] Read credential for '${value}' from Vault"
+ done
+}
+
+function main() {
+ local action="${1:-_invalid}"
+ shift
+
+ case ${action} in
+ get) handle_get ;;
+ *) return 1 ;;
+ esac
+}
+
+main "$@"
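Review bot: The `[credential]` section added here sets `helper = vault` with no URL scope, so the helper is consulted for every remote that asks Git for credentials, and each such hostname becomes a lookup under `secret/git-credential/` in Vault. Scoping it to the hosts that actually have credentials stored, e.g. `[credential "https://git.example.com"]` (placeholder host) followed by `helper = vault`, keeps unrelated remotes from querying Vault. The helper added in this commit handles only `get`, so a comment above the section such as `# read-only helper: credentials are provisioned in Vault, git never stores or erases them` would explain why the other actions do nothing.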
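Review bot: In `handle_get`, the `host` value read from stdin is expanded unquoted into the Vault path on the `vault read` line, so whitespace or glob characters in it are word-split into extra `vault` arguments and a `/` changes which secret path is read. Validate and quote it before use, e.g. `[[ ${value} =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]] || return 1` and `vault read -format=json "secret/git-credential/${value}"`. The `jq` filter also forwards every key under `.data` to Git, so it would be safer to emit only `username` and `password`. `info` comes from `script_framework.sh`, which is not shown; if it writes to stdout rather than stderr, its message lands in the credential stream Git parses, so confirm it logs to stderr. `read` should be `read -r` so backslashes in input lines are kept literal.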