diff --git a/pkg/apis/vault/v1alpha1/types.go b/pkg/apis/vault/v1alpha1/types.go
index 87128b7..1ab0a83 100644
--- a/pkg/apis/vault/v1alpha1/types.go
+++ b/pkg/apis/vault/v1alpha1/types.go
@@ -73,6 +73,10 @@ type VaultServiceSpec struct {
 // TLS policy of vault nodes
 TLS *TLSPolicy `json:"TLS,omitempty"`
+
+ // Service Account
+ // Default: default
+ ServiceAccountName string `json:"serviceAccountName,omitempty"`
 }
 // PodPolicy defines the policy for pods owned by vault operator.
@@ -104,6 +108,10 @@ func (v *VaultService) SetDefaults() bool {
 }}
 changed = true
 }
+ if len(vs.ServiceAccountName) == 0{
+ vs.ServiceAccountName = "default"
+ changed = true
+ }
 return changed
 }
diff --git a/pkg/util/k8sutil/vault.go b/pkg/util/k8sutil/vault.go
index 44c6cb8..bbd17ae 100644
--- a/pkg/util/k8sutil/vault.go
+++ b/pkg/util/k8sutil/vault.go
@@ -242,6 +242,7 @@ func DeployVault(kubecli kubernetes.Interface, v *api.VaultService) error {
 Labels: selector,
 },
 Spec: v1.PodSpec{
+ ServiceAccountName: v.Spec.ServiceAccountName,
 Containers: []v1.Container{vaultContainer(v), statsdExporterContainer()},
 Volumes: []v1.Volume{{
 Name: vaultConfigVolName,
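Review bot: The comment on the new `ServiceAccountName` field of `VaultServiceSpec` (pkg/apis/vault/v1alpha1/types.go, first hunk) names the field but does not say what the account is used for or what the caller must provide. This value selects the Kubernetes identity the vault pods run as, and nothing in the visible changes creates the account, so I would write it as `// ServiceAccountName is the ServiceAccount the vault pods run as; it must already exist in the VaultService's namespace. Default: "default".` The struct declaration starts outside the hunk.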
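Review bot: The added condition in `SetDefaults` (types.go, second hunk) is not gofmt-clean, since `== 0{` lacks the space before the brace, and an empty-string comparison reads more directly than `len(...) == 0`: `if vs.ServiceAccountName == "" {`. `vs` is declared above the hunk, so I am assuming it refers to the spec of `v`. Kubernetes already treats an empty `serviceAccountName` as `default`, so the explicit default mainly makes the stored object self-describing; a one-line comment such as `// Persist the implicit Kubernetes default so the spec shows the identity in use.` would record that intent.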
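Review bot: In `DeployVault` (pkg/util/k8sutil/vault.go) the new line `ServiceAccountName: v.Spec.ServiceAccountName,` copies a value from the custom resource into the pod template unchecked, so anyone allowed to create or edit a VaultService chooses which service account in the namespace the operator-created pods run as. Whether that widens anyone's privileges depends on how RBAC for VaultService objects compares with pod-creation rights, which is not visible here. I would record the assumption above the field, e.g. `// From the VaultService spec: write access to VaultService implies use of any ServiceAccount in this namespace.`, and consider rejecting an invalid or non-existent name before the pod template is built, so the failure is reported by the operator instead of surfacing later at pod admission. The function body starts and ends outside the hunk.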