diff --git a/Makefile b/Makefile
index 8f85a38aa..1d7b08049 100644
--- a/Makefile
+++ b/Makefile
@@ -52,6 +52,7 @@ SKIP_CLEANUP ?=
 SKIP_AWS_TESTS ?= true
 SKIP_AWS_STATIC_CREDS_TEST ?= true
 SKIP_GCP_TESTS ?= true
+SKIP_HCPVSAPPS_TESTS ?= false
 
 # filter bats unit tests to run.
 BATS_TESTS_FILTER ?= .\*
diff --git a/scale-testing.mk b/scale-testing.mk
index 140ef3928..6b89b9a72 100644
--- a/scale-testing.mk
+++ b/scale-testing.mk
@@ -5,6 +5,11 @@
 AWS_REGION ?= us-east-2
 EKS_K8S_VERSION ?= 1.30
 
+# testing dev instances is currently not supported
+# TODO: create the docker registry (e.g. ECR) to enable dev builds
+VERSION ?= 0.8.1
+INTEGRATION_TESTS_PARALLEL ?= true
+
 # directories for cloud hosted k8s infrastructure for running tests
 # root directory for all integration tests
 TF_EKS_SRC_DIR ?= $(INTEGRATION_TEST_ROOT)/infra/scale-testing/eks-cluster
@@ -12,21 +17,12 @@ TF_EKS_STATE_DIR ?= $(TF_EKS_SRC_DIR)/state
 TF_DEPLOY_SRC_DIR ?= $(INTEGRATION_TEST_ROOT)/infra/scale-testing/deployments
 TF_DEPLOY_STATE_DIR ?= $(TF_DEPLOY_SRC_DIR)/state
 
-include ./Makefile
+SCALE_TESTS ?= 1
 
-.PHONY: create-eks
-create-eks: ## Create a new EKS cluster
-	@mkdir -p $(TF_EKS_STATE_DIR)
-	rm -f $(TF_EKS_STATE_DIR)/*.tf
-	cp -v $(TF_EKS_SRC_DIR)/*.tf $(TF_EKS_STATE_DIR)/.
-	$(TERRAFORM) -chdir=$(TF_EKS_STATE_DIR) init -upgrade
-	$(TERRAFORM) -chdir=$(TF_EKS_STATE_DIR) apply -auto-approve \
-		-var region=$(AWS_REGION) \
-		-var kubernetes_version=$(EKS_K8S_VERSION) || exit 1
-	rm -f $(TF_EKS_STATE_DIR)/*.tfvars
+include ./aws.mk
 
 .PHONY: deploy-workload
-deploy-workload: set-vault-license ## Deploy the workload to the EKS cluster
+deploy-workload: set-vault-license import-aws-vars ## Deploy the workload to the EKS cluster
 	@mkdir -p $(TF_DEPLOY_STATE_DIR)
 ifeq ($(VAULT_ENTERPRISE), true)
     ## ensure that the license is *not* emitted to the console
@@ -35,11 +31,33 @@ endif
 	rm -f $(TF_DEPLOY_STATE_DIR)/*.tf
 	cp -v $(TF_DEPLOY_SRC_DIR)/*.tf $(TF_DEPLOY_STATE_DIR)/.
 	$(TERRAFORM) -chdir=$(TF_DEPLOY_STATE_DIR) init -upgrade
-	$(TERRAFORM) -chdir=$(TF_DEPLOY_STATE_DIR) apply -auto-approve || exit 1
+	$(TERRAFORM) -chdir=$(TF_DEPLOY_STATE_DIR) apply -auto-approve \
+		-var cluster_name=$(EKS_CLUSTER_NAME) || exit 1
 	rm -f $(TF_DEPLOY_STATE_DIR)/*.tfvars
 
-.PHONY: destroy-eks
-destroy-eks: ## Destroy the EKS cluster
-	$(TERRAFORM) -chdir=$(TF_EKS_STATE_DIR) destroy -auto-approve \
-		-var region=$(AWS_REGION) \
-		-var kubernetes_version=$(EKS_K8S_VERSION) || exit 1
+.PHONY: update-kubeconfig
+update-kubeconfig: import-aws-vars
+	aws eks --region $(AWS_REGION) update-kubeconfig --name $(EKS_CLUSTER_NAME)
+
+.PHONY: cleanup-port-forward
+cleanup-port-forward: ## Kill orphan port-forward processes
+	@echo "Cleaning up orphan port-forward processes..."
+	@pgrep -f 'kubectl port-forward -n $(K8S_VAULT_NAMESPACE) statefulset/vault' | xargs -r kill -9 && \
+		echo "Port-forward processes terminated successfully." || \
+		echo "No port-forward processes found or an error occurred."
+
+.PHONY: set image scale-tests
+scale-tests: cleanup-port-forward set-image update-kubeconfig import-aws-vars
+	$(MAKE) port-forward &
+	SCALE_TESTS=true VAULT_ENTERPRISE=true ENT_TESTS=$(VAULT_ENTERPRISE) \
+	SUPPRESS_TF_OUTPUT=$(SUPPRESS_TF_OUTPUT) SKIP_CLEANUP=$(SKIP_CLEANUP) \
+	OPERATOR_IMAGE_REPO=$(IMAGE_TAG_BASE) OPERATOR_IMAGE_TAG=$(VERSION) \
+	OPERATOR_NAMESPACE=$(OPERATOR_NAMESPACE) \
+	VAULT_OIDC_DISC_URL=$(EKS_OIDC_URL) VAULT_OIDC_CA=false \
+	INTEGRATION_TESTS=true EKS_CLUSTER_NAME=$(EKS_CLUSTER_NAME) \
+	K8S_CLUSTER_CONTEXT=$(K8S_CLUSTER_CONTEXT) CGO_ENABLED=0 \
+	K8S_VAULT_NAMESPACE=$(K8S_VAULT_NAMESPACE) \
+	SKIP_AWS_TESTS=$(SKIP_AWS_TESTS) SKIP_AWS_STATIC_CREDS_TEST=$(SKIP_AWS_STATIC_CREDS_TEST) \
+	SKIP_GCP_TESTS=$(SKIP_GCP_TESTS) SKIP_HCPVSAPPS_TESTS=$(SKIP_HCPVSAPPS_TESTS) \
+	PARALLEL_INT_TESTS=$(INTEGRATION_TESTS_PARALLEL) \
+	go test github.com/hashicorp/vault-secrets-operator/test/integration/... $(TESTARGS) -timeout=30m
diff --git a/test/integration/hcpvaultsecretsapp_integration_test.go b/test/integration/hcpvaultsecretsapp_integration_test.go
index 19680779b..f076fd429 100644
--- a/test/integration/hcpvaultsecretsapp_integration_test.go
+++ b/test/integration/hcpvaultsecretsapp_integration_test.go
@@ -49,7 +49,7 @@ func TestHCPVaultSecretsApp(t *testing.T) {
 	}
 
 	testID := "hvs"
-	clusterName := os.Getenv("KIND_CLUSTER_NAME")
+	clusterName := kindClusterName
 	assert.NotEmpty(t, clusterName, "KIND_CLUSTER_NAME is not set")
 
 	operatorNS := os.Getenv("OPERATOR_NAMESPACE")
diff --git a/test/integration/infra/scale-testing/deployments/main.tf b/test/integration/infra/scale-testing/deployments/main.tf
index 541742446..06adb6af3 100644
--- a/test/integration/infra/scale-testing/deployments/main.tf
+++ b/test/integration/infra/scale-testing/deployments/main.tf
@@ -1,22 +1,6 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
 
-module "vso-helm" {
-  source                       = "../../../../modules/vso-helm"
-  operator_namespace           = var.operator_namespace
-  operator_image_repo          = var.operator_image_repo
-  operator_image_tag           = var.operator_image_tag
-  enable_default_connection    = false
-  enable_default_auth_method   = false
-  operator_helm_chart_path     = var.operator_helm_chart_path
-  k8s_vault_connection_address = var.k8s_vault_connection_address
-
-  manager_extra_args = [
-    "-min-refresh-after-hvsa=3s",
-    "-zap-log-level=6"
-  ]
-}
-
 module "vault" {
   source               = "../../../../modules/vault"
   vault_license_path   = var.vault_license_path
diff --git a/test/integration/infra/scale-testing/deployments/providers.tf b/test/integration/infra/scale-testing/deployments/providers.tf
index b1ee971c8..9ca965411 100644
--- a/test/integration/infra/scale-testing/deployments/providers.tf
+++ b/test/integration/infra/scale-testing/deployments/providers.tf
@@ -1,34 +1,46 @@
 terraform {
   required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = "2.16.1"
-    }
     helm = {
       source  = "hashicorp/helm"
       version = "2.13.1"
     }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.30.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.49.0"
+    }
   }
 }
 
-data "terraform_remote_state" "eks" {
-  backend = "local"
+provider "aws" {
+  region = var.region
+}
 
-  config = {
-    path = "../../eks-cluster/state/terraform.tfstate"
-  }
+data "aws_eks_cluster" "cluster" {
+  name = var.cluster_name
 }
 
 provider "kubernetes" {
-  host                   = data.terraform_remote_state.eks.outputs.cluster_endpoint
-  cluster_ca_certificate = base64decode(data.terraform_remote_state.eks.outputs.cluster_certificate_authority)
-  token                  = data.terraform_remote_state.eks.outputs.eks_cluster_token
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.cluster.name]
+    command     = "aws"
+  }
 }
 
 provider "helm" {
   kubernetes {
-    host                   = data.terraform_remote_state.eks.outputs.cluster_endpoint
-    cluster_ca_certificate = base64decode(data.terraform_remote_state.eks.outputs.cluster_certificate_authority)
-    token                  = data.terraform_remote_state.eks.outputs.eks_cluster_token
+    host                   = data.aws_eks_cluster.cluster.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.cluster.name]
+      command     = "aws"
+    }
   }
 }
diff --git a/test/integration/infra/scale-testing/deployments/variables.tf b/test/integration/infra/scale-testing/deployments/variables.tf
index ef4a2c926..11ed1bd60 100644
--- a/test/integration/infra/scale-testing/deployments/variables.tf
+++ b/test/integration/infra/scale-testing/deployments/variables.tf
@@ -1,116 +1,9 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: BUSL-1.1
 
-variable "operator_namespace" {
-  default = "vault-secrets-operator-system"
-}
-
-# The path to the local helm chart in our repository, this is used by helm to find the Chart.yaml
-variable "operator_helm_chart_path" {
-  default = "../../../../../../chart"
-}
-
-variable "enable_default_connection" {
-  type    = bool
-  default = true
-}
-
-variable "enable_default_auth_method" {
-  type    = bool
-  default = true
-}
-
-variable "k8s_vault_connection_address" {
-  default = ""
-}
-
-variable "k8s_auth_default_mount" {
-  default = ""
-}
-
-variable "vault_test_namespace" {
-  default = ""
-}
-
-variable "operator_allowednamespaces" {
-  type    = list(string)
-  default = []
-}
-
-variable "k8s_auth_default_role" {
-  default = ""
-}
-
-variable "k8s_auth_default_token_audiences" {
-  type    = list(string)
-  default = []
-}
-
-variable "operator_image_repo" {
-  default = "hashicorp/vault-secrets-operator"
-}
-
-variable "operator_image_tag" {
-  default = "0.8.1"
-}
-
-variable "cpu_limits" {
-  default = ""
-}
-
-variable "memory_limits" {
-  default = ""
-}
-
-variable "cpu_requests" {
-  default = ""
-}
-
-variable "memory_requests" {
-  default = ""
-}
-
-variable "client_cache_config" {
-  type = object({
-    persistence_model                = string
-    revoke_client_cache_on_uninstall = bool
-    storage_encryption = object({
-      enabled                         = bool
-      vault_connection_ref            = string
-      namespace                       = string
-      mount                           = string
-      transit_mount                   = string
-      key_name                        = string
-      method                          = string
-      kubernetes_auth_role            = string
-      kubernetes_auth_service_account = string
-      kubernetes_auth_token_audiences = string
-    })
-  })
-
-  default = {
-    persistence_model                = ""
-    revoke_client_cache_on_uninstall = false
-    storage_encryption = {
-      enabled                         = false
-      vault_connection_ref            = ""
-      namespace                       = ""
-      mount                           = ""
-      transit_mount                   = ""
-      key_name                        = ""
-      method                          = ""
-      kubernetes_auth_role            = ""
-      kubernetes_auth_service_account = ""
-      kubernetes_auth_token_audiences = ""
-    }
-  }
-}
-
-variable "manager_extra_args" {
-  type = list(string)
-  default = [
-    "-zap-log-level=5"
-  ]
+variable "cluster_name" {
+  description = "Name of the EKS cluster"
+  type        = string
 }
 
 variable "vault_license_path" {
@@ -137,18 +30,10 @@ variable "k8s_config_path" {
   default = "~/.kube/config"
 }
 
-variable "vault_image_repo" {
-  default = "docker.mirror.hashicorp.services/hashicorp/vault"
-}
-
 variable "vault_image_repo_ent" {
   default = "docker.mirror.hashicorp.services/hashicorp/vault-enterprise"
 }
 
-variable "vault_image_tag" {
-  default = "1.17"
-}
-
 variable "vault_image_tag_ent" {
   default = "1.17-ent"
 }
@@ -162,13 +47,11 @@ variable "vault_chart_version" {
   default = "0.28.1"
 }
 
-variable "install_kube_prometheus" {
-  type    = bool
-  default = false
+variable "region" {
+  description = "AWS region"
+  type        = string
+  default     = "us-east-2"
 }
 
-variable "metrics_server_enabled" {
-  type    = bool
-  default = true
-}
+
 
diff --git a/test/integration/infra/scale-testing/eks-cluster/main.tf b/test/integration/infra/scale-testing/eks-cluster/main.tf
index ac77cdfce..31bdb1f90 100644
--- a/test/integration/infra/scale-testing/eks-cluster/main.tf
+++ b/test/integration/infra/scale-testing/eks-cluster/main.tf
@@ -105,4 +105,14 @@ data "aws_eks_cluster" "cluster" {
 data "aws_eks_cluster_auth" "cluster" {
   name       = module.eks.cluster_name
   depends_on = [module.eks.cluster_endpoint]
-}
\ No newline at end of file
+}
+
+resource "local_file" "env_file" {
+  filename = "${path.module}/outputs.env"
+  content  = <<EOT
+EKS_OIDC_URL=${module.eks.cluster_oidc_issuer_url}
+EKS_CLUSTER_NAME=${module.eks.cluster_name}
+AWS_REGION=${var.region}
+K8S_CLUSTER_CONTEXT=${module.eks.cluster_arn}
+EOT
+}
diff --git a/test/integration/integration_test.go b/test/integration/integration_test.go
index e9290cfc8..422246b47 100644
--- a/test/integration/integration_test.go
+++ b/test/integration/integration_test.go
@@ -18,6 +18,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"runtime"
+	"strconv"
 	"sync"
 	"syscall"
 	"testing"
@@ -73,6 +74,9 @@ var (
 	// make tests more verbose
 	withExtraVerbosity = os.Getenv("WITH_EXTRA_VERBOSITY") != ""
 	testInParallel     = os.Getenv("INTEGRATION_TESTS_PARALLEL") != ""
+	isScaleTest        = os.Getenv("SCALE_TESTS") != ""
+	eksClusterName     = os.Getenv("EKS_CLUSTER_NAME")
+	kindClusterName    = os.Getenv("KIND_CLUSTER_NAME")
 	// set in TestMain
 	clusterName       string
 	operatorImageRepo string
@@ -128,11 +132,22 @@ const (
 
 func TestMain(m *testing.M) {
 	if os.Getenv("INTEGRATION_TESTS") != "" {
-		clusterName = os.Getenv("KIND_CLUSTER_NAME")
-		if clusterName == "" {
-			os.Stderr.WriteString("error: KIND_CLUSTER_NAME is not set\n")
-			os.Exit(1)
+		if isScaleTest {
+			// When SCALE_TESTS is set, use EKS cluster
+			clusterName = eksClusterName
+			if clusterName == "" {
+				os.Stderr.WriteString("error: EKS_CLUSTER_NAME is not set\n")
+				os.Exit(1)
+			}
+		} else {
+			// Otherwise, use KIND cluster
+			clusterName = kindClusterName
+			if clusterName == "" {
+				os.Stderr.WriteString("error: KIND_CLUSTER_NAME is not set\n")
+				os.Exit(1)
+			}
 		}
+
 		operatorImageRepo = os.Getenv("OPERATOR_IMAGE_REPO")
 		operatorImageTag = os.Getenv("OPERATOR_IMAGE_TAG")
 		utilruntime.Must(clientgoscheme.AddToScheme(scheme))
@@ -180,9 +195,23 @@ func TestMain(m *testing.M) {
 		os.Exit(1)
 	}
 
+	var providerFile string
+	if isScaleTest {
+		providerFile = "eks.tf"
+	} else {
+		providerFile = "kind.tf"
+	}
+	providersDir := path.Join(testRoot, "operator/providers")
+
 	tfDir, err := files.CopyTerraformFolderToDest(
 		path.Join(testRoot, "operator/terraform"), tempDir, "terraform")
 
+	// copy the provider file to the terraform directory
+	if err := files.CopyFile(path.Join(providersDir, providerFile), path.Join(tfDir, "providers.tf")); err != nil {
+		log.Printf("Failed to copy provider file, err=%s", err)
+		os.Exit(1)
+	}
+
 	log.Printf("Test Root: %s", testRoot)
 	_, err = copyModulesDir(tfDir)
 	if err != nil {
@@ -206,6 +235,7 @@ func TestMain(m *testing.M) {
 		// Set the path to the Terraform code that will be tested.
 		TerraformDir: tfDir,
 		Vars: map[string]interface{}{
+			"cluster_name":                 clusterName,
 			"k8s_vault_connection_address": testVaultAddress,
 			"k8s_config_context":           k8sConfigContext,
 			"k8s_vault_namespace":          k8sVaultNamespace,
@@ -599,6 +629,9 @@ func deployOperatorWithKustomizeE(t *testing.T, k8sOpts *k8s.KubectlOptions, kus
 // undeploying the Operator from Kubernetes.
 func exportKindLogsT(t *testing.T) {
 	t.Helper()
+	if isScaleTest {
+		return
+	}
 	require.NoError(t, exportKindLogs(t.Name(), t.Failed()))
 }
 
@@ -1139,3 +1172,19 @@ func setupSignalHandler() (context.Context, context.CancelFunc) {
 
 	return ctx, cancel
 }
+
+// getEnvInt fetches an integer from an environment variable. It returns the value
+// and a boolean indicating if the variable exists and is valid. If conversion fails,
+// the test fails.
+func getEnvInt(t *testing.T, key string) (int, bool) {
+	t.Helper()
+	value, exists := os.LookupEnv(key)
+	if exists {
+		if intValue, err := strconv.Atoi(value); err == nil {
+			return intValue, true
+		} else {
+			require.NoErrorf(t, err, "failed to convert %s=%s to int", key, value)
+		}
+	}
+	return 0, false
+}
diff --git a/test/integration/modules/metrics/metrics-server.tf b/test/integration/modules/metrics/metrics-server.tf
deleted file mode 100644
index 52fe699da..000000000
--- a/test/integration/modules/metrics/metrics-server.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-# helm upgrade --install --set args={--kubelet-insecure-tls} metrics-server metrics-server/metrics-server --namespace kube-system
-
-resource "helm_release" "metrics_server" {
-  count      = var.metrics_server_enabled ? 1 : 0
-  name       = "metrics-server"
-  repository = "https://kubernetes-sigs.github.io/metrics-server"
-  chart      = "metrics-server"
-  namespace  = "kube-system"
-
-  set {
-    name  = "args"
-    value = "{--kubelet-insecure-tls}"
-  }
-}
diff --git a/test/integration/modules/metrics/prometheus.tf b/test/integration/modules/metrics/prometheus.tf
deleted file mode 100644
index 7ff726073..000000000
--- a/test/integration/modules/metrics/prometheus.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-resource "helm_release" "kube-prometheus" {
-  count            = var.install_kube_prometheus ? 1 : 0
-  namespace        = "kube-prometheus"
-  name             = "kube-prometheus"
-  create_namespace = true
-  wait             = true
-  wait_for_jobs    = true
-  repository       = "https://prometheus-community.github.io/helm-charts"
-  chart            = "kube-prometheus-stack"
-  version          = "39.6.0"
-}
diff --git a/test/integration/modules/metrics/variables.tf b/test/integration/modules/metrics/variables.tf
deleted file mode 100644
index 9600dc409..000000000
--- a/test/integration/modules/metrics/variables.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
-variable "install_kube_prometheus" {
-  type    = bool
-  default = false
-}
-
-variable "metrics_server_enabled" {
-  type    = bool
-  default = true
-}
\ No newline at end of file
diff --git a/test/integration/operator/terraform/argocd.tf b/test/integration/modules/operator/argocd.tf
similarity index 100%
rename from test/integration/operator/terraform/argocd.tf
rename to test/integration/modules/operator/argocd.tf
diff --git a/test/integration/operator/terraform/locals.tf b/test/integration/modules/operator/locals.tf
similarity index 100%
rename from test/integration/operator/terraform/locals.tf
rename to test/integration/modules/operator/locals.tf
diff --git a/test/integration/modules/operator/main.tf b/test/integration/modules/operator/main.tf
new file mode 100644
index 000000000..e8904d7aa
--- /dev/null
+++ b/test/integration/modules/operator/main.tf
@@ -0,0 +1,77 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# kubernetes auth config
+resource "vault_auth_backend" "default" {
+  path = "operator"
+  type = "kubernetes"
+}
+
+resource "vault_kubernetes_auth_backend_config" "operator" {
+  namespace              = vault_auth_backend.default.namespace
+  backend                = vault_auth_backend.default.path
+  kubernetes_host        = var.k8s_host
+  disable_iss_validation = true
+}
+
+resource "vault_policy" "revocation" {
+  name   = "operator-revocation"
+  policy = <<EOT
+path "sys/leases/revoke" {
+  capabilities = ["update"]
+}
+EOT
+}
+
+
+resource "kubernetes_manifest" "vault-connection-default" {
+  count = !var.deploy_operator_via_helm ? 1 : 0
+  manifest = {
+    apiVersion = "secrets.hashicorp.com/v1beta1"
+    kind       = "VaultConnection"
+    metadata = {
+      name      = "default"
+      namespace = local.operator_namespace
+    }
+    spec = {
+      address = var.k8s_vault_connection_address
+    }
+  }
+
+  field_manager {
+    # force field manager conflicts to be overridden
+    force_conflicts = true
+  }
+}
+
+module "vso-helm" {
+  count                        = var.deploy_operator_via_helm ? 1 : 0
+  source                       = "../vso-helm"
+  operator_namespace           = var.operator_namespace
+  operator_image_repo          = var.operator_image_repo
+  operator_image_tag           = var.operator_image_tag
+  enable_default_connection    = var.enable_default_connection
+  enable_default_auth_method   = false
+  operator_helm_chart_path     = var.operator_helm_chart_path
+  k8s_vault_connection_address = var.k8s_vault_connection_address
+  client_cache_config = {
+    persistence_model                = "direct-encrypted"
+    revoke_client_cache_on_uninstall = false
+    storage_encryption = {
+      enabled                         = true
+      vault_connection_ref            = ""
+      namespace                       = ""
+      method                          = vault_auth_backend.default.type
+      mount                           = vault_auth_backend.default.path
+      transit_mount                   = vault_transit_secret_cache_config.cache.backend
+      key_name                        = vault_transit_secret_backend_key.cache.name
+      kubernetes_auth_role            = vault_kubernetes_auth_backend_role.operator.role_name
+      kubernetes_auth_service_account = local.operator_service_account_name
+      kubernetes_auth_token_audiences = "{${vault_kubernetes_auth_backend_role.operator.audience}}"
+    }
+  }
+  manager_extra_args = [
+    "-min-refresh-after-hvsa=3s",
+    "-zap-log-level=6"
+  ]
+}
diff --git a/test/integration/modules/operator/outputs.tf b/test/integration/modules/operator/outputs.tf
new file mode 100644
index 000000000..dbf88a814
--- /dev/null
+++ b/test/integration/modules/operator/outputs.tf
@@ -0,0 +1,30 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+output "k8s_namespace" {
+  value = local.k8s_namespace
+}
+
+output "auth_role_operator" {
+  value = local.auth_role_operator
+}
+
+output "transit_ref" {
+  value = one(kubernetes_manifest.vault-auth-operator[*].manifest.metadata.name)
+}
+
+output "transit_path" {
+  value = vault_mount.transit.path
+}
+
+output "transit_key_name" {
+  value = vault_transit_secret_backend_key.cache.name
+}
+
+output "k8s_config_context" {
+  value = var.k8s_config_context
+}
+
+output "namespace" {
+  value = local.operator_namespace
+}
diff --git a/test/integration/operator/terraform/transit.tf b/test/integration/modules/operator/transit.tf
similarity index 100%
rename from test/integration/operator/terraform/transit.tf
rename to test/integration/modules/operator/transit.tf
diff --git a/test/integration/modules/operator/variables.tf b/test/integration/modules/operator/variables.tf
new file mode 100644
index 000000000..935747769
--- /dev/null
+++ b/test/integration/modules/operator/variables.tf
@@ -0,0 +1,62 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+variable "operator_namespace" {
+  default = "vault-secrets-operator-system"
+}
+
+variable "k8s_config_context" {
+  default = "kind-vault-secrets-operator"
+}
+
+variable "k8s_config_path" {
+  default = "~/.kube/config"
+}
+
+variable "k8s_host" {
+  default = "https://kubernetes.default.svc"
+}
+
+variable "vault_enterprise" {
+  type    = bool
+  default = false
+}
+
+variable "vault_token_period" {
+  default = 30
+}
+
+variable "vault_db_default_lease_ttl" {
+  default = 60
+}
+
+variable "deploy_operator_via_helm" {
+  type    = bool
+  default = false
+}
+
+variable "operator_helm_chart_path" {
+  default = "../../../chart"
+}
+
+variable "enable_default_connection" {
+  type    = bool
+  default = false
+}
+
+variable "enable_default_auth_method" {
+  type    = bool
+  default = false
+}
+
+variable "k8s_vault_connection_address" {
+  default = ""
+}
+
+variable "operator_image_repo" {
+  default = "hashicorp/vault-secrets-operator"
+}
+
+variable "operator_image_tag" {
+  default = "0.0.0-dev"
+}
diff --git a/test/integration/operator/providers/eks.tf b/test/integration/operator/providers/eks.tf
new file mode 100644
index 000000000..1e5860026
--- /dev/null
+++ b/test/integration/operator/providers/eks.tf
@@ -0,0 +1,35 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+data "aws_eks_cluster" "cluster" {
+  name = var.cluster_name
+}
+
+// copied to kind.tf
+provider "vault" {
+  # Configuration options
+  address = var.vault_address
+  token   = var.vault_token
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.cluster.name]
+    command     = "aws"
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.cluster.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.cluster.name]
+      command     = "aws"
+    }
+  }
+}
diff --git a/test/integration/operator/providers/kind.tf b/test/integration/operator/providers/kind.tf
new file mode 100644
index 000000000..084773e78
--- /dev/null
+++ b/test/integration/operator/providers/kind.tf
@@ -0,0 +1,21 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+// copied from eks.tf
+provider "vault" {
+  # Configuration options
+  address = var.vault_address
+  token   = var.vault_token
+}
+
+provider "helm" {
+  kubernetes {
+    config_context = var.k8s_config_context
+    config_path    = var.k8s_config_path
+  }
+}
+
+provider "kubernetes" {
+  config_context = var.k8s_config_context
+  config_path    = var.k8s_config_path
+}
diff --git a/test/integration/operator/terraform/main.tf b/test/integration/operator/terraform/main.tf
index f434ed7d5..71a06c2e9 100644
--- a/test/integration/operator/terraform/main.tf
+++ b/test/integration/operator/terraform/main.tf
@@ -18,95 +18,13 @@ terraform {
   }
 }
 
-provider "vault" {
-  # Configuration options
-  address = var.vault_address
-  token   = var.vault_token
-}
-
-provider "helm" {
-  kubernetes {
-    config_context = var.k8s_config_context
-    config_path    = var.k8s_config_path
-  }
-}
-
-provider "kubernetes" {
-  config_context = var.k8s_config_context
-  config_path    = var.k8s_config_path
-}
-
-# kubernetes auth config
-resource "vault_auth_backend" "default" {
-  path = "operator"
-  type = "kubernetes"
-}
-
-resource "vault_kubernetes_auth_backend_config" "operator" {
-  namespace              = vault_auth_backend.default.namespace
-  backend                = vault_auth_backend.default.path
-  kubernetes_host        = var.k8s_host
-  disable_iss_validation = true
-}
-
-resource "vault_policy" "revocation" {
-  name   = "operator-revocation"
-  policy = <<EOT
-path "sys/leases/revoke" {
-  capabilities = ["update"]
-}
-EOT
-}
-
-
-resource "kubernetes_manifest" "vault-connection-default" {
-  count = !var.deploy_operator_via_helm ? 1 : 0
-  manifest = {
-    apiVersion = "secrets.hashicorp.com/v1beta1"
-    kind       = "VaultConnection"
-    metadata = {
-      name      = "default"
-      namespace = local.operator_namespace
-    }
-    spec = {
-      address = var.k8s_vault_connection_address
-    }
-  }
-
-  field_manager {
-    # force field manager conflicts to be overridden
-    force_conflicts = true
-  }
-}
-
-module "vso-helm" {
-  count                        = var.deploy_operator_via_helm ? 1 : 0
-  source                       = "../../modules/vso-helm"
+module "operator" {
+  source                       = "../../modules/operator"
+  deploy_operator_via_helm     = var.deploy_operator_via_helm
   operator_namespace           = var.operator_namespace
   operator_image_repo          = var.operator_image_repo
   operator_image_tag           = var.operator_image_tag
   enable_default_connection    = var.enable_default_connection
-  enable_default_auth_method   = false
   operator_helm_chart_path     = var.operator_helm_chart_path
   k8s_vault_connection_address = var.k8s_vault_connection_address
-  client_cache_config = {
-    persistence_model                = "direct-encrypted"
-    revoke_client_cache_on_uninstall = false
-    storage_encryption = {
-      enabled                         = true
-      vault_connection_ref            = ""
-      namespace                       = ""
-      method                          = vault_auth_backend.default.type
-      mount                           = vault_auth_backend.default.path
-      transit_mount                   = vault_transit_secret_cache_config.cache.backend
-      key_name                        = vault_transit_secret_backend_key.cache.name
-      kubernetes_auth_role            = vault_kubernetes_auth_backend_role.operator.role_name
-      kubernetes_auth_service_account = local.operator_service_account_name
-      kubernetes_auth_token_audiences = "{${vault_kubernetes_auth_backend_role.operator.audience}}"
-    }
-  }
-  manager_extra_args = [
-    "-min-refresh-after-hvsa=3s",
-    "-zap-log-level=6"
-  ]
 }
diff --git a/test/integration/operator/terraform/outputs.tf b/test/integration/operator/terraform/outputs.tf
index b193f68a6..106c1cf30 100644
--- a/test/integration/operator/terraform/outputs.tf
+++ b/test/integration/operator/terraform/outputs.tf
@@ -2,23 +2,29 @@
 # SPDX-License-Identifier: BUSL-1.1
 
 output "k8s_namespace" {
-  value = local.k8s_namespace
+  value = module.operator.k8s_namespace
 }
+
 output "auth_role_operator" {
-  value = local.auth_role_operator
+  value = module.operator.auth_role_operator
 }
+
 output "transit_ref" {
-  value = one(kubernetes_manifest.vault-auth-operator[*].manifest.metadata.name)
+  value = module.operator.transit_ref
 }
+
 output "transit_path" {
-  value = vault_mount.transit.path
+  value = module.operator.transit_path
 }
+
 output "transit_key_name" {
-  value = vault_transit_secret_backend_key.cache.name
+  value = module.operator.transit_key_name
 }
+
 output "k8s_config_context" {
-  value = var.k8s_config_context
+  value = module.operator.k8s_config_context
 }
+
 output "namespace" {
-  value = local.operator_namespace
+  value = module.operator.namespace
 }
diff --git a/test/integration/operator/terraform/variables.tf b/test/integration/operator/terraform/variables.tf
index 621b65c92..9f29558a5 100644
--- a/test/integration/operator/terraform/variables.tf
+++ b/test/integration/operator/terraform/variables.tf
@@ -67,3 +67,9 @@ variable "operator_image_repo" {
 variable "operator_image_tag" {
   default = "0.0.0-dev"
 }
+
+variable "cluster_name" {
+  description = "Name of the EKS cluster"
+  type        = string
+  default     = ""
+}
diff --git a/test/integration/vaultdynamicsecret/terraform/postgres.tf b/test/integration/vaultdynamicsecret/terraform/postgres.tf
index 61749c638..437a0d2a5 100644
--- a/test/integration/vaultdynamicsecret/terraform/postgres.tf
+++ b/test/integration/vaultdynamicsecret/terraform/postgres.tf
@@ -8,6 +8,11 @@ resource "helm_release" "postgres" {
   wait             = true
   wait_for_jobs    = true
 
+  set {
+    name  = "primary.persistence.enabled"
+    value = var.postgres_enable_persistence ? "true" : "false"
+  }
+
   repository = "https://charts.bitnami.com/bitnami"
   chart      = "postgresql"
 }
diff --git a/test/integration/vaultdynamicsecret/terraform/variables.tf b/test/integration/vaultdynamicsecret/terraform/variables.tf
index 997347876..2288454fb 100644
--- a/test/integration/vaultdynamicsecret/terraform/variables.tf
+++ b/test/integration/vaultdynamicsecret/terraform/variables.tf
@@ -91,3 +91,10 @@ variable "with_xns" {
   type    = bool
   default = false
 }
+
+# postgres_enable_persistence is a boolean that determines if the test should run with persistence enabled
+# if scale tests are run, this should be set to false
+variable "postgres_enable_persistence" {
+  type    = bool
+  default = true
+}
diff --git a/test/integration/vaultdynamicsecret_integration_test.go b/test/integration/vaultdynamicsecret_integration_test.go
index 16799a420..4dce1a3fa 100644
--- a/test/integration/vaultdynamicsecret_integration_test.go
+++ b/test/integration/vaultdynamicsecret_integration_test.go
@@ -63,8 +63,11 @@ type dynamicK8SOutputs struct {
 	XnsMemberEntityIDs []string `json:"xns_member_entity_ids"`
 }
 
-// updated in init()
-var withStaticRoleScheduled = true
+var (
+	postgresEnablePersistence bool
+	// updated in init()
+	withStaticRoleScheduled = true
+)
 
 func init() {
 	vaultImageTag := os.Getenv("VAULT_IMAGE_TAG")
@@ -83,12 +86,35 @@ func TestVaultDynamicSecret(t *testing.T) {
 		t.Parallel()
 	}
 
-	clusterName := os.Getenv("KIND_CLUSTER_NAME")
-	require.NotEmpty(t, clusterName, "KIND_CLUSTER_NAME is not set")
+	var clusterName string
+	if isScaleTest {
+		postgresEnablePersistence = false
+		// When SCALE_TESTS is set, use EKS cluster
+		clusterName = eksClusterName
+		require.NotEmpty(t, clusterName, "EKS_CLUSTER_NAME is not set")
+	} else {
+		// Otherwise, use KIND cluster
+		clusterName = kindClusterName
+		require.NotEmpty(t, clusterName, "KIND_CLUSTER_NAME is not set")
+	}
 
 	operatorNS := os.Getenv("OPERATOR_NAMESPACE")
 	require.NotEmpty(t, operatorNS, "OPERATOR_NAMESPACE is not set")
 
+	// TODO: Extend this to support other dynamic create test cases
+	defaultCreate := 5 // Default count if no VDS_CREATE_COUNT is set
+	if vdsCreateCount, exists := getEnvInt(t, "VDS_CREATE_COUNT"); exists {
+		defaultCreate = vdsCreateCount
+	}
+
+	createOnlyCount, mixedCount := defaultCreate, defaultCreate
+	if v, exists := getEnvInt(t, "VDS_CREATE_ONLY"); exists {
+		createOnlyCount = v
+	}
+	if v, exists := getEnvInt(t, "VDS_MIXED_CREATE"); exists {
+		mixedCount = v
+	}
+
 	ctx := context.Background()
 	crdClient := getCRDClient(t)
 	var created []ctrlclient.Object
@@ -113,13 +139,14 @@ func TestVaultDynamicSecret(t *testing.T) {
 			"k8s_config_context":  k8sConfigContext,
 			"k8s_vault_namespace": k8sVaultNamespace,
 			// the service account is created in test/integration/infra/main.tf
-			"k8s_vault_service_account":  "vault",
-			"name_prefix":                "vds",
-			"vault_address":              os.Getenv("VAULT_ADDRESS"),
-			"vault_token":                os.Getenv("VAULT_TOKEN"),
-			"vault_token_period":         120,
-			"vault_db_default_lease_ttl": 15,
-			"with_static_role_scheduled": withStaticRoleScheduled,
+			"k8s_vault_service_account":   "vault",
+			"name_prefix":                 "vds",
+			"vault_address":               os.Getenv("VAULT_ADDRESS"),
+			"vault_token":                 os.Getenv("VAULT_TOKEN"),
+			"vault_token_period":          120,
+			"vault_db_default_lease_ttl":  15,
+			"with_static_role_scheduled":  withStaticRoleScheduled,
+			"postgres_enable_persistence": postgresEnablePersistence,
 		},
 	}
 	if entTests {
@@ -228,7 +255,7 @@ func TestVaultDynamicSecret(t *testing.T) {
 		},
 		{
 			name:            "create-only",
-			create:          5,
+			create:          createOnlyCount,
 			withArgoRollout: true,
 			expected: map[string]int{
 				helpers.SecretDataKeyRaw: 100,
@@ -238,7 +265,7 @@ func TestVaultDynamicSecret(t *testing.T) {
 		},
 		{
 			name:               "mixed",
-			create:             5,
+			create:             mixedCount,
 			createStatic:       5,
 			createNonRenewable: 5,
 			existing:           5,
@@ -644,8 +671,17 @@ func TestVaultDynamicSecret_vaultClientCallback(t *testing.T) {
 		t.Parallel()
 	}
 
-	clusterName := os.Getenv("KIND_CLUSTER_NAME")
-	require.NotEmpty(t, clusterName, "KIND_CLUSTER_NAME is not set")
+	var clusterName string
+	if isScaleTest {
+		postgresEnablePersistence = false
+		// When SCALE_TESTS is set, use EKS cluster
+		clusterName = eksClusterName
+		require.NotEmpty(t, clusterName, "EKS_CLUSTER_NAME is not set")
+	} else {
+		// Otherwise, use KIND cluster
+		clusterName = kindClusterName
+		require.NotEmpty(t, clusterName, "KIND_CLUSTER_NAME is not set")
+	}
 
 	ctx := context.Background()
 	crdClient := getCRDClient(t)
@@ -680,7 +716,8 @@ func TestVaultDynamicSecret_vaultClientCallback(t *testing.T) {
 			"vault_db_default_lease_ttl": 600,
 			"with_static_role_scheduled": withStaticRoleScheduled,
 			// disabling until https://github.com/hashicorp/terraform-provider-vault/pull/2289 is released
-			"with_xns": false,
+			"with_xns":                    false,
+			"postgres_enable_persistence": postgresEnablePersistence,
 		},
 	}
 	if entTests {
diff --git a/test/integration/vaultpkisecret_integration_test.go b/test/integration/vaultpkisecret_integration_test.go
index 76511ec0d..1afd6e185 100644
--- a/test/integration/vaultpkisecret_integration_test.go
+++ b/test/integration/vaultpkisecret_integration_test.go
@@ -47,13 +47,37 @@ func TestVaultPKISecret(t *testing.T) {
 	operatorNS := os.Getenv("OPERATOR_NAMESPACE")
 	require.NotEmpty(t, operatorNS, "OPERATOR_NAMESPACE is not set")
 
-	clusterName := os.Getenv("KIND_CLUSTER_NAME")
-	require.NotEmpty(t, clusterName, "KIND_CLUSTER_NAME is not set")
+	var clusterName string
+	if isScaleTest {
+		// When SCALE_TESTS is set, use EKS cluster
+		clusterName = eksClusterName
+		require.NotEmpty(t, clusterName, "EKS_CLUSTER_NAME is not set")
+	} else {
+		// Otherwise, use KIND cluster
+		clusterName = kindClusterName
+		require.NotEmpty(t, clusterName, "KIND_CLUSTER_NAME is not set")
+	}
 	k8sConfigContext := os.Getenv("K8S_CLUSTER_CONTEXT")
 	if k8sConfigContext == "" {
 		k8sConfigContext = "kind-" + clusterName
 	}
 
+	defaultCreate := 5 // Default count if no VPS_CREATE_COUNT is set
+	if vpsCreateCount, exists := getEnvInt(t, "VPS_CREATE_COUNT"); exists {
+		defaultCreate = vpsCreateCount
+	}
+
+	createOnlyCount, mixedCount, createTLSCount := defaultCreate, defaultCreate, defaultCreate
+	if v, exists := getEnvInt(t, "VPS_CREATE_ONLY"); exists {
+		createOnlyCount = v
+	}
+	if v, exists := getEnvInt(t, "VPS_MIXED_CREATE"); exists {
+		mixedCount = v
+	}
+	if v, exists := getEnvInt(t, "VPS_MIXED_CREATE"); exists {
+		createTLSCount = v
+	}
+
 	tempDir, err := os.MkdirTemp(os.TempDir(), t.Name())
 	require.Nil(t, err)
 
@@ -210,16 +234,16 @@ func TestVaultPKISecret(t *testing.T) {
 		},
 		{
 			name:   "create-only",
-			create: 1,
+			create: createOnlyCount,
 		},
 		{
 			name:     "mixed",
 			existing: getExisting(),
-			create:   5,
+			create:   mixedCount,
 		},
 		{
 			name:       "create-tls",
-			create:     2,
+			create:     createTLSCount,
 			secretType: corev1.SecretTypeTLS,
 		},
 	}
diff --git a/test/integration/vaultstaticsecret_integration_test.go b/test/integration/vaultstaticsecret_integration_test.go
index e7a52a920..f050ac3a9 100644
--- a/test/integration/vaultstaticsecret_integration_test.go
+++ b/test/integration/vaultstaticsecret_integration_test.go
@@ -57,6 +57,27 @@ func TestVaultStaticSecret(t *testing.T) {
 	operatorNS := os.Getenv("OPERATOR_NAMESPACE")
 	require.NotEmpty(t, operatorNS, "OPERATOR_NAMESPACE is not set")
 
+	defaultCreate := 2 // Default count if no VSS_CREATE_COUNT is set
+	if vssCreateCount, exists := getEnvInt(t, "VSS_CREATE_COUNT"); exists {
+		defaultCreate = vssCreateCount
+	}
+
+	kvv1Count, kvv2Count, bothCount, kvv2FixedCount, mixedBothCount, eventsBothCount := defaultCreate, defaultCreate, defaultCreate, defaultCreate, defaultCreate, defaultCreate
+
+	counts := map[string]*int{
+		"VSS_KVV1_CREATE":        &kvv1Count,
+		"VSS_KVV2_CREATE":        &kvv2Count,
+		"VSS_BOTH_CREATE":        &bothCount,
+		"VSS_KVV2_FIXED_CREATE":  &kvv2FixedCount,
+		"VSS_MIXED_BOTH_CREATE":  &mixedBothCount,
+		"VSS_EVENTS_BOTH_CREATE": &eventsBothCount,
+	}
+	for key, count := range counts {
+		if v, exists := getEnvInt(t, key); exists {
+			*count = v
+		}
+	}
+
 	// The events tests require Vault Enterprise >= 1.16.3, and since that
 	// changes the app policy required we need to set a flag in the test
 	// terraform
@@ -292,23 +313,23 @@ func TestVaultStaticSecret(t *testing.T) {
 		},
 		{
 			name:        "create-kv-v1",
-			create:      2,
+			create:      kvv1Count,
 			createTypes: []string{consts.KVSecretTypeV1},
 		},
 		{
 			name:        "create-kv-v2",
-			create:      1,
+			create:      kvv2Count,
 			createTypes: []string{consts.KVSecretTypeV2},
 		},
 		{
 			name:        "create-kv-v2-fixed-version",
-			create:      2,
+			create:      kvv2FixedCount,
 			createTypes: []string{consts.KVSecretTypeV2},
 			version:     1,
 		},
 		{
 			name:        "create-both",
-			create:      2,
+			create:      bothCount,
 			createTypes: []string{consts.KVSecretTypeV1, consts.KVSecretTypeV2},
 		},
 		{
@@ -324,7 +345,7 @@ func TestVaultStaticSecret(t *testing.T) {
 				},
 			},
 			existing:    getExisting(),
-			create:      2,
+			create:      mixedBothCount,
 			createTypes: []string{consts.KVSecretTypeV1, consts.KVSecretTypeV2},
 		},
 		{
@@ -349,7 +370,7 @@ func TestVaultStaticSecret(t *testing.T) {
 				}
 				return vss
 			}(),
-			create:      2,
+			create:      eventsBothCount,
 			createTypes: []string{consts.KVSecretTypeV1, consts.KVSecretTypeV2},
 			useEvents:   true,
 		},