diff --git a/CHANGELOG.md b/CHANGELOG.md index d9af314cd4a..fd4216996ac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -62,13 +62,10 @@ Here is an overview of all new **experimental** features: - **General**: Add parameter queryParameters to prometheus-scaler ([#4962](https://github.com/kedacore/keda/issues/4962)) - **General**: Support TriggerAuthentication properties from ConfigMap ([#4830](https://github.com/kedacore/keda/issues/4830)) +- **Hashicorp Vault*: Fix operator panic when spec.hashiCorpVault.credential.serviceAccount is not set ([#4964](https://github.com/kedacore/keda/issues/4964)) - **Hashicorp Vault**: Add support to get secret that needs write operation (e.g. pki) ([#5067](https://github.com/kedacore/keda/issues/5067)) - **Kafka Scaler**: Ability to set upper bound to the number of partitions with lag ([#3997](https://github.com/kedacore/keda/issues/3997)) - **Kafka Scaler**: Add support for Kerberos authentication (SASL / GSSAPI) ([#4836](https://github.com/kedacore/keda/issues/4836)) -- **Hashicorp Vault*: Fix operator panic when spec.hashiCorpVault.credential.serviceAccount is not set ([#4964](https://github.com/kedacore/keda/issues/4964)) - -also move this up ^ - - **Prometheus Metrics**: Introduce paused ScaledObjects in Prometheus metrics ([#4430](https://github.com/kedacore/keda/issues/4430)) - **Pulsar Scaler**: support endpointParams in pulsar oauth ([#5069](https://github.com/kedacore/keda/issues/5069)) diff --git a/pkg/scaling/resolver/hashicorpvault_handler.go b/pkg/scaling/resolver/hashicorpvault_handler.go index dec0c26ee42..b2c7f94f6e5 100644 --- a/pkg/scaling/resolver/hashicorpvault_handler.go +++ b/pkg/scaling/resolver/hashicorpvault_handler.go 
@@ -111,7 +111,10 @@ func (vh *HashicorpVaultHandler) token(client *vaultapi.Client) (string, error) } if vh.vault.Credential == nil { - vh.vault.Credential.ServiceAccount = "/var/run/secrets/kubernetes.io/serviceaccount/token" + defaultCred := kedav1alpha1.Credential{ + ServiceAccount: "/var/run/secrets/kubernetes.io/serviceaccount/token", + } + vh.vault.Credential = &defaultCred } if len(vh.vault.Credential.ServiceAccount) == 0 { diff --git a/pkg/scaling/resolver/hashicorpvault_handler_test.go b/pkg/scaling/resolver/hashicorpvault_handler_test.go index d05397fae9d..9faf1e3c5c7 100644 --- a/pkg/scaling/resolver/hashicorpvault_handler_test.go +++ b/pkg/scaling/resolver/hashicorpvault_handler_test.go @@ -345,6 +345,25 @@ func TestHashicorpVaultHandler_ResolveSecret(t *testing.T) { } } +func TestHashicorpVaultHandler_DefaultKubernetesVaultRole(t *testing.T) { + defaultServiceAccountPath := "/var/run/secrets/kubernetes.io/serviceaccount/token" + server := mockVault(t) + defer server.Close() + + vault := kedav1alpha1.HashiCorpVault{ + Address: server.URL, + Authentication: kedav1alpha1.VaultAuthenticationKubernetes, + Mount: "my-mount", + Role: "my-role", + } + + vaultHandler := NewHashicorpVaultHandler(&vault) + err := vaultHandler.Initialize(logf.Log.WithName("test")) + defer vaultHandler.Stop() + assert.Errorf(t, err, "open %s : no such file or directory", defaultServiceAccountPath) + assert.Equal(t, vaultHandler.vault.Credential.ServiceAccount, defaultServiceAccountPath) +} + func TestHashicorpVaultHandler_ResolveSecrets_SameCertAndKey(t *testing.T) { server := mockVault(t) defer server.Close()
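Review bot: The fallback in `token` covers only a nil `vh.vault.Credential`; a spec that sets `credential` but leaves `serviceAccount` empty still reaches the `len(vh.vault.Credential.ServiceAccount) == 0` check, whose body is outside this hunk, so whether that case defaults or errors cannot be confirmed from here. If an unset service account should always mean the pod's own token, default the field instead of the struct: `if vh.vault.Credential == nil { vh.vault.Credential = &kedav1alpha1.Credential{} }` followed by `if vh.vault.Credential.ServiceAccount == "" { vh.vault.Credential.ServiceAccount = defaultServiceAccountTokenPath }`. The path is better held in one package-level constant (`defaultServiceAccountTokenPath` is a suggested name) than repeated as a literal here and in the test. The assignment also writes into the `HashiCorpVault` value handed to `NewHashicorpVaultHandler`, so the caller's object is modified as a side effect. That deserves a comment, which should also say that the fallback presumably logs in to Vault with the identity of the pod running this code rather than one named in the spec.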
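Review bot: `assert.Errorf(t, err, "open %s : no such file or directory", defaultServiceAccountPath)` in `TestHashicorpVaultHandler_DefaultKubernetesVaultRole` only asserts that `err` is non-nil. In testify the trailing format and arguments are the failure message, not the expected error text, so any error from `Initialize`, including one unrelated to the token file, passes the test. Pin the cause with `assert.ErrorContains(t, err, defaultServiceAccountPath)`. The test also assumes the service-account token file is absent, which will not hold when the suite runs inside a Kubernetes pod, where `Initialize` would presumably read the runner's real token and the error assertion would behave differently. `assert.Equal` takes the expected value first, so the last line should read `assert.Equal(t, defaultServiceAccountPath, vaultHandler.vault.Credential.ServiceAccount)`.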