diff --git a/src/core/package_manager/facade.rs b/src/core/package_manager/facade.rs
index 8788a3aa..cc6c7b1d 100644
--- a/src/core/package_manager/facade.rs
+++ b/src/core/package_manager/facade.rs
@@ -172,6 +172,13 @@ impl PackageManager {
         }
         std::thread::sleep(std::time::Duration::from_secs(15));
         self.exec_in_container(&container_name, "mkdir -p /opt/gbo/{bin,data,conf,logs}")?;
+
+        // Install base packages required for all containers (wget for downloads, unzip for .zip files, curl for health checks)
+        self.exec_in_container(&container_name, "apt-get update -qq")?;
+        self.exec_in_container(
+            &container_name,
+            "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq wget unzip curl ca-certificates",
+        )?;
         let (pre_cmds, post_cmds) = match self.os_type {
             OsType::Linux => (
                 &component.pre_install_cmds_linux,
diff --git a/src/core/package_manager/installer.rs b/src/core/package_manager/installer.rs
index 8f197732..4512f507 100644
--- a/src/core/package_manager/installer.rs
+++ b/src/core/package_manager/installer.rs
@@ -897,6 +897,22 @@ impl PackageManager {
                 pre_install_cmds_linux: vec![
                     "mkdir -p {{DATA_PATH}}/vault".to_string(),
                     "mkdir -p {{CONF_PATH}}/vault".to_string(),
+                    "mkdir -p {{LOGS_PATH}}".to_string(),
+                    r#"cat > {{CONF_PATH}}/vault/config.hcl << 'EOF'
+storage "file" {
+  path = "/opt/gbo/data/vault"
+}
+
+listener "tcp" {
+  address     = "0.0.0.0:8200"
+  tls_disable = 1
+}
+
+api_addr = "http://0.0.0.0:8200"
+cluster_addr = "http://0.0.0.0:8201"
+ui = true
+disable_mlock = true
+EOF"#.to_string(),
                 ],
                 // Note: Vault initialization is handled in bootstrap::setup_vault()
                 // because it requires the Vault server to be running first
@@ -904,6 +920,22 @@ impl PackageManager {
                 pre_install_cmds_macos: vec![
                     "mkdir -p {{DATA_PATH}}/vault".to_string(),
                     "mkdir -p {{CONF_PATH}}/vault".to_string(),
+                    "mkdir -p {{LOGS_PATH}}".to_string(),
+                    r#"cat > {{CONF_PATH}}/vault/config.hcl << 'EOF'
+storage "file" {
+  path = "{{DATA_PATH}}/vault"
+}
+
+listener "tcp" {
+  address     = "0.0.0.0:8200"
+  tls_disable = 1
+}
+
+api_addr = "http://0.0.0.0:8200"
+cluster_addr = "http://0.0.0.0:8201"
+ui = true
+disable_mlock = true
+EOF"#.to_string(),
                 ],
                 post_install_cmds_macos: vec![],
                 pre_install_cmds_windows: vec![],