diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index fed7957..6eb028d 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -7,12 +7,22 @@ on:
       - main
 
 jobs:
-  KMSv1:
+  E2E:
+    strategy:
+      matrix:
+        vault: [1.15, 1.16, 1.17]
+        versions:
+          - k8s_version: v1.28.0
+            kind_cfg: kind-config_v1.yaml
+          - k8s_version: v1.29.0
+            kind_cfg: kind-config_v2.yaml
+          - k8s_version: v1.30.0
+            kind_cfg: kind-config_v2.yaml
     runs-on: ubuntu-latest
 
     services:
       vault:
-        image: hashicorp/vault:1.15
+        image: hashicorp/vault:${{ matrix.vault }}
         env:
           VAULT_DEV_ROOT_TOKEN_ID: root
         credentials:
@@ -66,86 +76,8 @@ jobs:
         uses: helm/kind-action@v1
         with:
           cluster_name: kms
-          node_image: "kindest/node:v1.27.1"
-          config: scripts/kind-config_v1.yaml
-
-      - name: create a simple k8s secret
-        run: |
-          kubectl create secret generic secret --from-literal="key=value"
-          kubectl get secret secret -o json | jq '.data | map_values(@base64d)'
-          kubectl -n kube-system exec etcd-kms-control-plane -- sh -c "ETCDCTL_API=3 etcdctl \
-            --endpoints=https://127.0.0.1:2379 \
-            --cert /etc/kubernetes/pki/etcd/server.crt \
-            --key /etc/kubernetes/pki/etcd/server.key \
-            --cacert /etc/kubernetes/pki/etcd/ca.crt \
-            get /registry/secrets/default/secret" | hexdump -C
-
-      - name: rotate kms key
-        run: |
-          curl -X POST -H "X-Vault-Token: root" http://localhost:8200/v1/transit/keys/kms/rotate
-          kubectl get secret secret -o json | jq '.data | map_values(@base64d)'
-
-  KMSv2:
-    runs-on: ubuntu-latest
-
-    services:
-      vault:
-        image: hashicorp/vault:1.15
-        env:
-          VAULT_DEV_ROOT_TOKEN_ID: root
-        credentials:
-            username: ${{ secrets.DOCKERHUB_USERNAME }}
-            password: ${{ secrets.DOCKERHUB_TOKEN }}
-        ports:
-          - 8200:8200
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-        options: >-
-          --name registry
-
-    steps:
-      - name: connect registry to kind
-        run: |
-          docker network create kind
-          docker network connect kind registry
-
-      - name: configure vault
-        run: |
-            curl -X POST -H "X-Vault-Token: root" -d '{"type":"transit"}' http://localhost:8200/v1/sys/mounts/transit
-            curl -X PUT -H "X-Vault-Token: root" -d 'null' http://127.0.0.1:8200/v1/transit/keys/kms
-
-      - name: checkout repo
-        uses: actions/checkout@v4
-
-      - name: setup go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.21.1'
-          cache: false
-
-      - name: setup qemu
-        uses: docker/setup-qemu-action@v3
-
-      - name: setup docker build
-        uses: docker/setup-buildx-action@v3
-        with:
-          driver-opts: network=host
-
-      - name: tag & push docker
-        uses: docker/build-push-action@v6
-        with:
-         context: .
-         push: true
-         tags: localhost:5000/vault-kubernetes-kms
-
-      - name: setup kind
-        uses: helm/kind-action@v1
-        with:
-          cluster_name: kms
-          node_image: "kindest/node:v1.29.2"
-          config: scripts/kind-config_v2.yaml
+          node_image: "kindest/node:${{ matrix.versions.k8s_version }}"
+          config: "scripts/${{ matrix.versions.kind_cfg }}"
 
       - name: create a simple k8s secret
         run: |