vaultwarden helm release

Key	Types
controllers.vaultwarden.containers.app.env.DOMAIN (12) `https://vault.${SECRET_DOMAIN}`	string
controllers.vaultwarden.containers.app.env.SIGNUPS_ALLOWED (11) `false`	string, boolean
controllers.vaultwarden.containers.app.env.TZ (10) `${TIMEZONE}`	string
controllers.vaultwarden.containers.app.env.SMTP_FROM (8) `vaultwarden@${SECRET_DOMAIN}`	string
controllers.vaultwarden.containers.app.env.SMTP_SECURITY (8) `off`	string
controllers.vaultwarden.containers.app.env.DATA_FOLDER (7) `data`	string
controllers.vaultwarden.containers.app.env.SMTP_HOST (7) `smtp-relay.networking.svc.cluster.local`	string
controllers.vaultwarden.containers.app.env.SMTP_PORT (7) `2525`	string, number
controllers.vaultwarden.containers.app.env.SMTP_FROM_NAME (6) `Vaultwarden`	string
controllers.vaultwarden.containers.app.env.ATTACHMENTS_FOLDER (5) `data/attachments`	string
controllers.vaultwarden.containers.app.env.ICON_CACHE_FOLDER (5) `data/icon_cache`	string
controllers.vaultwarden.containers.app.env.WEBSOCKET_ENABLED (5) `true`	string, boolean
controllers.vaultwarden.containers.app.env.PUSH_ENABLED (3) `true`	string, boolean
controllers.vaultwarden.containers.app.env.SHOW_PASSWORD_HINT (3) `false`	boolean, string
controllers.vaultwarden.containers.app.env.WEBSOCKET_ADDRESS (3) `0.0.0.0`	string
controllers.vaultwarden.containers.app.env.WEBSOCKET_PORT (3) `3012`	number
controllers.vaultwarden.containers.app.env.INVITATION_ORG_NAME (2) `${PUBLIC_DOMAIN}`	string
controllers.vaultwarden.containers.app.env.ADMIN_TOKEN (1) `${admin_token}`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.key (1) `uri`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.name (1) `postgresql-app`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL (1) `postgresql://vaultwarden@vaultwarden-postgres-17-rw.security.svc:5432/vaultwarden?sslrootcert=/certs/postgres/serving/ca.crt&sslcert=/certs/postgres/user/tls.crt&sslkey=/certs/postgres/user/tls.key&sslmode=verify-full`	string
controllers.vaultwarden.containers.app.env.DISABLE_ADMIN_TOKEN (1) `false`	boolean
controllers.vaultwarden.containers.app.env.EMAIL_2FA_AUTO_FALLBACK (1) `true`	string
controllers.vaultwarden.containers.app.env.EMAIL_CHANGE_ALLOWED (1) `true`	string
controllers.vaultwarden.containers.app.env.ENABLE_WEBSOCKET (1) `true`	string
controllers.vaultwarden.containers.app.env.EXPERIMENTAL_CLIENT_FEATURE_FLAGS (1) `ssh-key-vault-item,ssh-agent`	string
controllers.vaultwarden.containers.app.env.ICON_SERVICE (1) `duckduckgo`	string
controllers.vaultwarden.containers.app.env.INVITATIONS_ALLOWED (1) `true`	string
controllers.vaultwarden.containers.app.env.IP_HEADER (1) `X-Forwarded-For`	string
controllers.vaultwarden.containers.app.env.LOGIN_RATELIMIT_MAX_BURST (1) `2`	string
controllers.vaultwarden.containers.app.env.ORG_ATTACHMENT_LIMIT (1) `1000000`	string
controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_ID (1) `${push_installation_id}`	string
controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_KEY (1) `${push_installation_key}`	string
controllers.vaultwarden.containers.app.env.ROCKET_PORT (1) `8080`	string
controllers.vaultwarden.containers.app.env.ROCKET_TLS (1) `{certs="/tls/tls.crt",key="/tls/tls.key"}`	string
controllers.vaultwarden.containers.app.env.SENDS_ALLOWED (1) `true`	boolean
controllers.vaultwarden.containers.app.env.SIGNUPS_VERIFY (1) `true`	string
controllers.vaultwarden.containers.app.env.SMTP_EXPLICIT_TLS (1) `true`	string
controllers.vaultwarden.containers.app.env.SMTP_SSL (1) `true`	string
controllers.vaultwarden.containers.app.env.SMTP_TIMEOUT (1) `15`	number
controllers.vaultwarden.containers.app.env.SSO_AUTHORITY (1) `https://auth.${PUBLIC_DOMAIN}/application/o/vaultwarden/`	string
controllers.vaultwarden.containers.app.env.SSO_ENABLED (1) `true`	string
controllers.vaultwarden.containers.app.env.SSO_ONLY (1) `true`	string
controllers.vaultwarden.containers.app.env.SSO_SCOPES (1) `email profile offline_access`	string
controllers.vaultwarden.containers.app.env.TEMPLATES_FOLDER (1) `data/templates`	string
controllers.vaultwarden.containers.app.env.TIMEZONE (1) `${TZ}`	string
controllers.vaultwarden.containers.app.env.TRASH_AUTO_DELETE_DAYS (1) `30`	string
controllers.vaultwarden.containers.app.env.USER_ATTACHMENT_LIMIT (1) `1000000`	string
controllers.vaultwarden.containers.app.env.USER_SEND_LIMIT (1) `1000000`	string
controllers.vaultwarden.containers.app.image.repository (12) `vaultwarden/server`	string
controllers.vaultwarden.containers.app.image.tag (12) `1.34.3@sha256:84fd8a47f58d79a1ad824c27be0a9492750c0fa5216b35c749863093bfa3c3d7`	string
controllers.vaultwarden.containers.app.envFrom[].secretRef.name (11) `vaultwarden-secret`	string
controllers.vaultwarden.containers.app.resources.limits.memory (10) `256Mi`	string
controllers.vaultwarden.containers.app.resources.requests.cpu (10) `100m`	string
controllers.vaultwarden.containers.app.resources.requests.memory (10) `100Mi`	string
controllers.vaultwarden.containers.app.securityContext.allowPrivilegeEscalation (7) `false`	boolean
controllers.vaultwarden.containers.app.securityContext.capabilities.drop[] (7) `- ALL`	string
controllers.vaultwarden.containers.app.securityContext.readOnlyRootFilesystem (7) `true`	boolean
controllers.vaultwarden.containers.app.probes.liveness.enabled (4) `true`	boolean
controllers.vaultwarden.containers.app.probes.liveness.custom (2) `true`	boolean
controllers.vaultwarden.containers.app.probes.liveness.path (2) `/alive`	string
controllers.vaultwarden.containers.app.probes.liveness.spec.failureThreshold (2) `3`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.path (2) `/alive`	string
controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.port (2) `80`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.initialDelaySeconds (2) `0`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.periodSeconds (2) `10`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.timeoutSeconds (2) `1`	number
controllers.vaultwarden.containers.app.probes.liveness.type (1) `HTTPS`	string
controllers.vaultwarden.containers.app.probes.readiness.enabled (4) `true`	boolean
controllers.vaultwarden.containers.app.probes.readiness.custom (2) `true`	boolean
controllers.vaultwarden.containers.app.probes.readiness.path (2) `/alive`	string
controllers.vaultwarden.containers.app.probes.readiness.spec.failureThreshold (2) `3`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.path (2) `/alive`	string
controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.port (2) `80`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.initialDelaySeconds (2) `0`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.periodSeconds (2) `10`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.timeoutSeconds (2) `1`	number
controllers.vaultwarden.containers.app.probes.readiness.type (1) `HTTPS`	string
controllers.vaultwarden.containers.app.probes.startup.enabled (2) `true`	boolean
controllers.vaultwarden.containers.app.probes.startup.path (1) `/alive`	string
controllers.vaultwarden.containers.app.probes.startup.spec.failureThreshold (1) `30`	number
controllers.vaultwarden.containers.app.probes.startup.spec.periodSeconds (1) `5`	number
controllers.vaultwarden.containers.app.probes.startup.type (1) `HTTPS`	string
controllers.vaultwarden.containers.app.ports[].containerPort (1) `80`	number
controllers.vaultwarden.containers.app.ports[].name (1) `http`	string
controllers.vaultwarden.containers.vaultwarden.env.ADMIN_TOKEN (1) `${VAULTWARDEN_ADMIN_TOKEN_HASHED}`	string
controllers.vaultwarden.containers.vaultwarden.env.DOMAIN (1) `https://vaultwarden.${SECRET_DOMAIN}`	string
controllers.vaultwarden.containers.vaultwarden.env.INVITATIONS_ALLOWED (1) `true`	string
controllers.vaultwarden.containers.vaultwarden.env.PASSWORD_HINTS_ALLOWED (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.env.SIGNUPS_ALLOWED (1) `false`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_FROM (1) `${SMTP_FROM}`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_FROM_NAME (1) `Vaultwarden`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_HOST (1) `${SMTP_MAIL_SERVER}`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_PASSWORD (1) `${SMTP_PASSWORD}`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_PORT (1) `587`	number
controllers.vaultwarden.containers.vaultwarden.env.SMTP_SECURITY (1) `starttls`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_USERNAME (1) `${SMTP_USERNAME}`	string
controllers.vaultwarden.containers.vaultwarden.env.TRASH_AUTO_DELETE_DAYS (1) `7`	number
controllers.vaultwarden.containers.vaultwarden.env.TZ (1) `${TIMEZONE}`	string
controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ADDRESS (1) `0.0.0.0`	string
controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ENABLED (1) `true`	string
controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_PORT (1) `3012`	number
controllers.vaultwarden.containers.vaultwarden.envFrom[].secretRef.name (1) `vaultwarden-secret`	string
controllers.vaultwarden.containers.vaultwarden.image.repository (1) `vaultwarden/server`	string
controllers.vaultwarden.containers.vaultwarden.image.tag (1) `1.34.3-alpine`	string
controllers.vaultwarden.containers.vaultwarden.probes.liveness.enabled (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.probes.readiness.enabled (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.probes.startup.enabled (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.resources.limits.memory (1) `250Mi`	string
controllers.vaultwarden.containers.vaultwarden.resources.requests.cpu (1) `10m`	string
controllers.vaultwarden.containers.vaultwarden.resources.requests.memory (1) `100Mi`	string
controllers.vaultwarden.annotations."reloader.stakater.com/auto" (10) `true`	string
controllers.vaultwarden.annotations."secret.reloader.stakater.com/reload" (3) `internal-tls`	string
controllers.vaultwarden.initContainers.init-db.envFrom[].secretRef.name (6) `vaultwarden-secret`	string
controllers.vaultwarden.initContainers.init-db.image.repository (6) `ghcr.io/home-operations/postgres-init`	string
controllers.vaultwarden.initContainers.init-db.image.tag (6) `17`	number, string
controllers.vaultwarden.initContainers.init-db.image.pullPolicy (1) `IfNotPresent`	string
controllers.vaultwarden.initContainers.01-init-branding.args[] (1) `- mkdir -p /data/templates; mc alias set s3 https://s3.t0m.co '' '' --api S3v4; mc cp --recursive s3/t0m-public/vaultwarden/templates/ /data/templates/`	string
controllers.vaultwarden.initContainers.01-init-branding.command[] (1) `- /bin/sh - -c`	string
controllers.vaultwarden.initContainers.01-init-branding.image.repository (1) `quay.io/minio/mc`	string
controllers.vaultwarden.initContainers.01-init-branding.image.tag (1) `RELEASE.2025-05-21T01-59-54Z@sha256:09f93f534cde415d192bb6084dd0e0ddd1715fb602f8a922ad121fd2bf0f8b44`	string
controllers.vaultwarden.initContainers.01-init-db.envFrom[].secretRef.name (1) `vaultwarden-secret`	string
controllers.vaultwarden.initContainers.01-init-db.image.pullPolicy (1) `IfNotPresent`	string
controllers.vaultwarden.initContainers.01-init-db.image.repository (1) `ghcr.io/home-operations/postgres-init`	string
controllers.vaultwarden.initContainers.01-init-db.image.tag (1) `17.6`	number
controllers.vaultwarden.pod.securityContext.fsGroup (5) `1000`	number
controllers.vaultwarden.pod.securityContext.fsGroupChangePolicy (5) `OnRootMismatch`	string
controllers.vaultwarden.pod.securityContext.runAsGroup (5) `1000`	number
controllers.vaultwarden.pod.securityContext.runAsUser (5) `1000`	number
controllers.vaultwarden.pod.securityContext.runAsNonRoot (3) `true`	boolean
controllers.vaultwarden.pod.securityContext.seccompProfile.type (3) `RuntimeDefault`	string
controllers.vaultwarden.pod.labels."endpoints.netpols.home.arpa/email-sender" (1) `true`	string
controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-namespace" (1) `true`	string
controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-world" (1) `true`	string
controllers.vaultwarden.pod.labels."policy.gabe565.com/ingress-nginx" (1) `true`	string
controllers.vaultwarden.pod.priorityClassName (1) `system-cluster-critical`	string
controllers.vaultwarden.pod.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1) `vaultwarden`	string
controllers.vaultwarden.pod.topologySpreadConstraints[].maxSkew (1) `1`	number
controllers.vaultwarden.pod.topologySpreadConstraints[].topologyKey (1) `kubernetes.io/hostname`	string
controllers.vaultwarden.pod.topologySpreadConstraints[].whenUnsatisfiable (1) `DoNotSchedule`	string
controllers.vaultwarden.replicas (3) `2`	number
controllers.vaultwarden.strategy (2) `Recreate`	string
controllers.vaultwarden.labels.postgres (1) `true`	string
controllers.${APP}.annotations."reloader.stakater.com/auto" (1) `true`	string
controllers.${APP}.containers.app.env.TZ (1) `${TIMEZONE}`	string
controllers.${APP}.containers.app.image.pullPolicy (1) `IfNotPresent`	string
controllers.${APP}.containers.app.image.repository (1) `ghcr.io/dani-garcia/vaultwarden`	string
controllers.${APP}.containers.app.image.tag (1) `1.34.3@sha256:84fd8a47f58d79a1ad824c27be0a9492750c0fa5216b35c749863093bfa3c3d7`	string
controllers.${APP}.containers.app.probes.liveness.custom (1) `true`	boolean
controllers.${APP}.containers.app.probes.liveness.enabled (1) `true`	boolean
controllers.${APP}.containers.app.probes.liveness.spec.failureThreshold (1) `3`	number
controllers.${APP}.containers.app.probes.liveness.spec.httpGet.path (1) `/alive`	string
controllers.${APP}.containers.app.probes.liveness.spec.httpGet.port (1) `80`	number
controllers.${APP}.containers.app.probes.liveness.spec.initialDelaySeconds (1) `0`	number
controllers.${APP}.containers.app.probes.liveness.spec.periodSeconds (1) `10`	number
controllers.${APP}.containers.app.probes.liveness.spec.timeoutSeconds (1) `1`	number
controllers.${APP}.containers.app.probes.readiness.custom (1) `true`	boolean
controllers.${APP}.containers.app.probes.readiness.enabled (1) `true`	boolean
controllers.${APP}.containers.app.probes.readiness.spec.failureThreshold (1) `3`	number
controllers.${APP}.containers.app.probes.readiness.spec.httpGet.path (1) `/alive`	string
controllers.${APP}.containers.app.probes.readiness.spec.httpGet.port (1) `80`	number
controllers.${APP}.containers.app.probes.readiness.spec.initialDelaySeconds (1) `0`	number
controllers.${APP}.containers.app.probes.readiness.spec.periodSeconds (1) `10`	number
controllers.${APP}.containers.app.probes.readiness.spec.timeoutSeconds (1) `1`	number
controllers.${APP}.containers.app.resources.limits.memory (1) `256Mi`	string
controllers.${APP}.containers.app.resources.requests.cpu (1) `10m`	string
controllers.${APP}.containers.app.resources.requests.memory (1) `64Mi`	string
controllers.${APP}.containers.app.securityContext.fsGroup (1) `1000`	number
controllers.${APP}.containers.app.securityContext.fsGroupChangePolicy (1) `OnRootMismatch`	string
controllers.${APP}.containers.app.securityContext.runAsGroup (1) `1000`	number
controllers.${APP}.containers.app.securityContext.runAsNonRoot (1) `true`	boolean
controllers.${APP}.containers.app.securityContext.runAsUser (1) `1000`	number
controllers.${APP}.containers.app.securityContext.seccompProfile.type (1) `RuntimeDefault`	string
controllers.${APP}.containers.backup.env.BACKUP_KEEP_DAYS (1) `30`	number
controllers.${APP}.containers.backup.env.CRON (1) `0 5 * * *`	string
controllers.${APP}.containers.backup.env.DATA_DIR (1) `/data`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE_CURL_OPTIONS (1) `-H 'Content-Type: application/json' -d '{"content":"❌ Vaultwarden backup failed!"}'`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.key (1) `VAULTWARDEN_BACKUP_PING_URL`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.name (1) `vaultwarden-secret`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS_CURL_OPTIONS (1) `-H 'Content-Type: application/json' -d '{"content":"✅ Vaultwarden backup completed successfully."}'`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.key (1) `VAULTWARDEN_BACKUP_PING_URL`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.name (1) `vaultwarden-secret`	string
controllers.${APP}.containers.backup.env.RCLONE_CONFIG (1) `/data/rclone.conf`	string
controllers.${APP}.containers.backup.env.RCLONE_REMOTE_DIR (1) `/Vaultwarden-k3s/`	string
controllers.${APP}.containers.backup.env.RCLONE_REMOTE_NAME (1) `Google Drive`	string
controllers.${APP}.containers.backup.env.RCLONE_TEMP_DIR (1) `/data/`	string
controllers.${APP}.containers.backup.env.TIMEZONE (1) `${TIMEZONE}`	string
controllers.${APP}.containers.backup.env.ZIP_ENABLE (1) `true`	boolean
controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.key (1) `VAULTWARDEN_BACKUP_ZIP_PASSWORD`	string
controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.name (1) `vaultwarden-secret`	string
controllers.${APP}.containers.backup.image.pullPolicy (1) `IfNotPresent`	string
controllers.${APP}.containers.backup.image.repository (1) `ghcr.io/ttionya/vaultwarden-backup`	string
controllers.${APP}.containers.backup.image.tag (1) `1.25.1@sha256:cb781ec8f0d330a42a1fd2ee7910926c650b7bc52b6e8c6b60b60bead46d44a1`	string
controllers.${APP}.containers.backup.nameOverride (1) `backup`	string
controllers.${APP}.containers.backup.resources.limits.memory (1) `256Mi`	string
controllers.${APP}.containers.backup.resources.requests.cpu (1) `10m`	string
controllers.${APP}.containers.backup.resources.requests.memory (1) `64Mi`	string
controllers.${APP}.containers.backup.securityContext.fsGroup (1) `1000`	number
controllers.${APP}.containers.backup.securityContext.readOnlyRootFilesystem (1) `false`	boolean
controllers.${APP}.enabled (1) `true`	boolean
controllers.${APP}.replicas (1) `1`	number
controllers.${APP}.type (1) `deployment`	string
controllers.main.containers.main.env.DATA_FOLDER (1) `config`	string
controllers.main.containers.main.env.DOMAIN (1) `https://vault.${SECRET_DOMAIN}`	string
controllers.main.containers.main.env.SIGNUPS_ALLOWED (1) `false`	boolean
controllers.main.containers.main.env.TZ (1) `${TIMEZONE}`	string
controllers.main.containers.main.env.WEBSOCKET_ADDRESS (1) `0.0.0.0`	string
controllers.main.containers.main.env.WEBSOCKET_ENABLED (1) `true`	boolean
controllers.main.containers.main.env.WEBSOCKET_PORT (1) `3012`	number
controllers.main.containers.main.envFrom[].secretRef.name (1) `vaultwarden`	string
controllers.main.containers.main.image.repository (1) `docker.io/vaultwarden/server`	string
controllers.main.containers.main.image.tag (1) `1.34.3-alpine@sha256:d70118b9dafb8588ee2651ceb5df68db27dcbd8e18467722010644ba48d5d6d6`	string
controllers.main.containers.main.resources.limits.memory (1) `100Mi`	string
controllers.main.containers.main.resources.requests.cpu (1) `15m`	string
controllers.main.containers.main.resources.requests.memory (1) `100Mi`	string
controllers.main.pod.securityContext.fsGroup (1) `568`	number
controllers.main.pod.securityContext.fsGroupChangePolicy (1) `OnRootMismatch`	string
controllers.main.pod.securityContext.runAsGroup (1) `568`	number
controllers.main.pod.securityContext.runAsUser (1) `568`	number
controllers.main.pod.securityContext.supplementalGroups[] (1) `- "100"`	number
service.app.ports.http.port (12) `80`	number
service.app.ports.websocket.enabled (2) `true`	boolean
service.app.ports.websocket.port (2) `3012`	number
service.app.controller (10) `vaultwarden`	string
service.app.sessionAffinity (1) `ClientIP`	string
service.app.sessionAffinityConfig.clientIP.timeoutSeconds (1) `10800`	number
service.vaultwarden.controller (2) `vaultwarden`	string
service.vaultwarden.ports.http.port (2) `8080`	number
service.main.controller (1) `main`	string
service.main.ports.http.port (1) `80`	number
service.main.ports.websocket.enabled (1) `true`	boolean
service.main.ports.websocket.port (1) `3012`	number
ingress.app.hosts[].host (8) `vault.${SECRET_DOMAIN}`	string
ingress.app.hosts[].paths[].path (8) `/`	string
ingress.app.hosts[].paths[].service.identifier (8) `app`	string
ingress.app.hosts[].paths[].service.port (8) `http`	string, number
ingress.app.hosts[].paths[].pathType (1) `Prefix`	string
ingress.app.className (7) `external`	string
ingress.app.annotations."external-dns.alpha.kubernetes.io/target" (4) `external.${SECRET_DOMAIN}`	string
ingress.app.annotations."gethomepage.dev/enabled" (2) `true`	string
ingress.app.annotations."gethomepage.dev/group" (2) `Infrastructure`	string
ingress.app.annotations."gethomepage.dev/icon" (2) `vaultwarden.svg`	string
ingress.app.annotations."gethomepage.dev/name" (2) `Vaultwarden`	string
ingress.app.annotations."traefik.ingress.kubernetes.io/router.middlewares" (2) `networking-traefik-middleware-chain-no-auth@kubernetescrd`	string
ingress.app.annotations."cert-manager.io/cluster-issuer" (1) `letsencrypt-production`	string
ingress.app.annotations."external-dns.home.arpa/enabled" (1) `true`	string
ingress.app.annotations."gethomepage.dev/description" (1) `Password Management`	string
ingress.app.annotations."gethomepage.dev/pod-selector" (1) `app.kubernetes.io/name=vaultwarden`	string
ingress.app.annotations."gethomepage.dev/siteMonitor" (1) `http://${APP}.security.svc.cluster.local:80`	string
ingress.app.annotations."hajimari.io/enable" (1) `true`	string
ingress.app.annotations."hajimari.io/group" (1) `Authentication`	string
ingress.app.annotations."hajimari.io/icon" (1) `cbi:vaultwarden`	string
ingress.app.annotations."hajimari.io/name" (1) `Vaultwarden`	string
ingress.app.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1) `websecure`	string
ingress.app.tls[].hosts[] (4) `- vault.${SECRET_DOMAIN}`	string
ingress.app.tls[].secretName (3) `${SECRET_DOMAIN/./-}-tls`	string
ingress.app.enabled (3) `true`	boolean
ingress.admin.hosts[].host (4) `${app_url}`	string
ingress.admin.hosts[].paths[].path (4) `/admin`	string
ingress.admin.hosts[].paths[].service.identifier (4) `app`	string
ingress.admin.hosts[].paths[].service.port (4) `http`	string
ingress.admin.hosts[].paths[].pathType (1) `ImplementationSpecific`	string
ingress.admin.enabled (3) `true`	boolean
ingress.admin.tls[].hosts[] (3) `- ${app_url}`	string
ingress.admin.tls[].secretName (3) `${certificate_name}`	string
ingress.admin.annotations."traefik.ingress.kubernetes.io/router.middlewares" (2) `networking-traefik-middleware-chain-tinyauth@kubernetescrd`	string
ingress.admin.annotations."auth.home.arpa/enabled" (1) `true`	string
ingress.admin.annotations."external-dns.alpha.kubernetes.io/exclude" (1) `true`	string
ingress.admin.annotations."external-dns.home.arpa/enabled" (1) `true`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-response-headers" (1) `Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-signin" (1) `https://$host/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-snippet" (1) `proxy_set_header X-Forwarded-Host $http_host;`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-url" (1) `http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/backend-protocol" (1) `HTTPS`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/custom-http-errors" (1) `500,501,502,503,504,505,506,510`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" (1) `10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16`	string
ingress.admin.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1) `websecure`	string
ingress.admin.className (2) `external`	string
ingress.main.annotations."cert-manager.io/cluster-issuer" (1) `letsencrypt-production`	string
ingress.main.annotations.external-dns/is-public (1) `true`	string
ingress.main.annotations."gethomepage.dev/description" (1) `Open Source Password Manager.`	string
ingress.main.annotations."gethomepage.dev/enabled" (1) `true`	string
ingress.main.annotations."gethomepage.dev/group" (1) `Security`	string
ingress.main.annotations."gethomepage.dev/icon" (1) `vaultwarden`	string
ingress.main.annotations."gethomepage.dev/name" (1) `Vaultwarden`	string
ingress.main.className (1) `external`	string
ingress.main.hosts[].host (1) `vault.${SECRET_DOMAIN}`	string
ingress.main.hosts[].paths[].path (1) `/ /notifications/hub /notifications/hub/negotiate`	string
ingress.main.hosts[].paths[].pathType (1) `Prefix Prefix`	string
ingress.main.hosts[].paths[].service.identifier (1) `main main main`	string
ingress.main.hosts[].paths[].service.port (1) `http websocket http`	string
ingress.main.tls[].hosts[] (1) `- vault.${SECRET_DOMAIN}`	string
ingress.main.tls[].secretName (1) `vault-tls`	string
ingress.vaultwarden.annotations."nginx.ingress.kubernetes.io/backend-protocol" (1) `HTTPS`	string
ingress.vaultwarden.enabled (1) `true`	boolean
ingress.vaultwarden.hosts[].host (1) `${app_url}`	string
ingress.vaultwarden.hosts[].paths[].path (1) `/`	string
ingress.vaultwarden.hosts[].paths[].service.identifier (1) `vaultwarden`	string
ingress.vaultwarden.hosts[].paths[].service.port (1) `http`	string
ingress.vaultwarden.tls[].hosts[] (1) `- ${app_url}`	string
ingress.vaultwarden.tls[].secretName (1) `${certificate_name}`	string
persistence.config.existingClaim (7) `vaultwarden`	string
persistence.config.globalMounts[].path (6) `/data`	string
persistence.config.enabled (2) `true`	boolean
persistence.data.accessMode (3) `ReadWriteOnce`	string
persistence.data.enabled (3) `true`	boolean
persistence.data.existingClaim (3) `vaultwarden`	string
persistence.data.size (3) `8Gi`	string
persistence.data.storageClass (3) `longhorn-ssd`	string
persistence.data.type (3) `persistentVolumeClaim`	string
persistence.data.globalMounts[].path (2) `/data`	string
persistence.data.globalMounts[].subPath (1) `vaultwarden`	string
persistence.data.retain (2) `true`	boolean
persistence.data.advancedMounts.vaultwarden.app[].path (1) `/data`	string
persistence.data.path (1) `/volume1/apps/identity`	string
persistence.data.server (1) `${NFS_SERVER}`	string
persistence.data.suffix (1) `data`	string
persistence.env.advancedMounts.${APP}.app[].path (1) `/.env`	string
persistence.env.advancedMounts.${APP}.app[].readOnly (1) `true`	boolean
persistence.env.advancedMounts.${APP}.app[].subPath (1) `.env`	string
persistence.env.enabled (1) `true`	boolean
persistence.env.items[].key (1) `.env`	string
persistence.env.items[].path (1) `.env`	string
persistence.env.name (1) `vaultwarden-secret`	string
persistence.env.type (1) `secret`	string
persistence.postgres-serving-cert.advancedMounts.vaultwarden.app[].path (1) `/certs/postgres/serving`	string
persistence.postgres-serving-cert.defaultMode (1) `444`	number
persistence.postgres-serving-cert.items[].key (1) `ca.crt`	string
persistence.postgres-serving-cert.items[].path (1) `ca.crt`	string
persistence.postgres-serving-cert.name (1) `vaultwarden-postgres-17-serving-cert`	string
persistence.postgres-serving-cert.type (1) `secret`	string
persistence.postgres-user-cert.advancedMounts.vaultwarden.app[].path (1) `/certs/postgres/user`	string
persistence.postgres-user-cert.defaultMode (1) `440`	number
persistence.postgres-user-cert.items[].key (1) `tls.crt tls.key`	string
persistence.postgres-user-cert.items[].path (1) `tls.crt tls.key`	string
persistence.postgres-user-cert.name (1) `vaultwarden-postgres-vaultwarden-user`	string
persistence.postgres-user-cert.type (1) `secret`	string
persistence.tls.enabled (1) `true`	boolean
persistence.tls.name (1) `internal-tls`	string
persistence.tls.type (1) `secret`	string
route.app.hostnames[] (3) `- {{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}`	string
route.app.parentRefs[].name (3) `external`	string
route.app.parentRefs[].namespace (3) `network`	string
route.app.parentRefs[].sectionName (3) `https`	string
route.app.rules[].backendRefs[].name (2) `vaultwarden`	string
route.app.rules[].backendRefs[].port (2) `80`	number
route.main.enabled (1) `true`	boolean
route.main.hostnames[] (1) `- vaultwarden.${SECRET_DOMAIN}`	string
route.main.kind (1) `HTTPRoute`	string
route.main.parentRefs[].kind (1) `Gateway`	string
route.main.parentRefs[].name (1) `internal`	string
route.main.parentRefs[].namespace (1) `network`	string
route.main.parentRefs[].sectionName (1) `websecure`	string
route.main.rules[].backendRefs[].name (1) `vaultwarden`	string
route.main.rules[].backendRefs[].port (1) `80`	number
route.main.rules[].matches[].path.type (1) `PathPrefix`	string
route.main.rules[].matches[].path.value (1) `/`	string
defaultPodOptions.securityContext.runAsGroup (2) `1000`	number
defaultPodOptions.securityContext.runAsNonRoot (2) `true`	boolean
defaultPodOptions.securityContext.runAsUser (2) `1000`	number
defaultPodOptions.securityContext.fsGroup (1) `1000`	number
defaultPodOptions.securityContext.fsGroupChangePolicy (1) `OnRootMismatch`	string
podAnnotations."secret.reloader.stakater.com/reload" (1) `vaultwarden`	string

Key

Types

controllers.vaultwarden.containers.app.env.DOMAIN (12)

https://vault.${SECRET_DOMAIN}

string

controllers.vaultwarden.containers.app.env.SIGNUPS_ALLOWED (11)

false

string, boolean

controllers.vaultwarden.containers.app.env.TZ (10)

${TIMEZONE}

string

controllers.vaultwarden.containers.app.env.SMTP_FROM (8)

vaultwarden@${SECRET_DOMAIN}

string

controllers.vaultwarden.containers.app.env.SMTP_SECURITY (8)

off

string

controllers.vaultwarden.containers.app.env.DATA_FOLDER (7)

data

string

controllers.vaultwarden.containers.app.env.SMTP_HOST (7)

smtp-relay.networking.svc.cluster.local

string

controllers.vaultwarden.containers.app.env.SMTP_PORT (7)

string, number

controllers.vaultwarden.containers.app.env.SMTP_FROM_NAME (6)

Vaultwarden

string

controllers.vaultwarden.containers.app.env.ATTACHMENTS_FOLDER (5)

data/attachments

string

controllers.vaultwarden.containers.app.env.ICON_CACHE_FOLDER (5)

data/icon_cache

string

controllers.vaultwarden.containers.app.env.WEBSOCKET_ENABLED (5)

true

string, boolean

controllers.vaultwarden.containers.app.env.PUSH_ENABLED (3)

true

string, boolean

controllers.vaultwarden.containers.app.env.SHOW_PASSWORD_HINT (3)

false

boolean, string

controllers.vaultwarden.containers.app.env.WEBSOCKET_ADDRESS (3)

0.0.0.0

string

controllers.vaultwarden.containers.app.env.WEBSOCKET_PORT (3)

number

controllers.vaultwarden.containers.app.env.INVITATION_ORG_NAME (2)

${PUBLIC_DOMAIN}

string

controllers.vaultwarden.containers.app.env.ADMIN_TOKEN (1)

${admin_token}

string

controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.key (1)

uri

string

controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.name (1)

postgresql-app

string

controllers.vaultwarden.containers.app.env.DATABASE_URL (1)

postgresql://vaultwarden@vaultwarden-postgres-17-rw.security.svc:5432/vaultwarden?sslrootcert=/certs/postgres/serving/ca.crt&sslcert=/certs/postgres/user/tls.crt&sslkey=/certs/postgres/user/tls.key&sslmode=verify-full

string

controllers.vaultwarden.containers.app.env.DISABLE_ADMIN_TOKEN (1)

false

boolean

controllers.vaultwarden.containers.app.env.EMAIL_2FA_AUTO_FALLBACK (1)

true

string

controllers.vaultwarden.containers.app.env.EMAIL_CHANGE_ALLOWED (1)

true

string

controllers.vaultwarden.containers.app.env.ENABLE_WEBSOCKET (1)

true

string

controllers.vaultwarden.containers.app.env.EXPERIMENTAL_CLIENT_FEATURE_FLAGS (1)

ssh-key-vault-item,ssh-agent

string

controllers.vaultwarden.containers.app.env.ICON_SERVICE (1)

duckduckgo

string

controllers.vaultwarden.containers.app.env.INVITATIONS_ALLOWED (1)

true

string

controllers.vaultwarden.containers.app.env.IP_HEADER (1)

X-Forwarded-For

string

controllers.vaultwarden.containers.app.env.LOGIN_RATELIMIT_MAX_BURST (1)

string

controllers.vaultwarden.containers.app.env.ORG_ATTACHMENT_LIMIT (1)

string

controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_ID (1)

${push_installation_id}

string

controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_KEY (1)

${push_installation_key}

string

controllers.vaultwarden.containers.app.env.ROCKET_PORT (1)

string

controllers.vaultwarden.containers.app.env.ROCKET_TLS (1)

{certs="/tls/tls.crt",key="/tls/tls.key"}

string

controllers.vaultwarden.containers.app.env.SENDS_ALLOWED (1)

true

boolean

controllers.vaultwarden.containers.app.env.SIGNUPS_VERIFY (1)

true

string

controllers.vaultwarden.containers.app.env.SMTP_EXPLICIT_TLS (1)

true

string

controllers.vaultwarden.containers.app.env.SMTP_SSL (1)

true

string

controllers.vaultwarden.containers.app.env.SMTP_TIMEOUT (1)

number

controllers.vaultwarden.containers.app.env.SSO_AUTHORITY (1)

https://auth.${PUBLIC_DOMAIN}/application/o/vaultwarden/

string

controllers.vaultwarden.containers.app.env.SSO_ENABLED (1)

true

string

controllers.vaultwarden.containers.app.env.SSO_ONLY (1)

true

string

controllers.vaultwarden.containers.app.env.SSO_SCOPES (1)

email profile offline_access

string

controllers.vaultwarden.containers.app.env.TEMPLATES_FOLDER (1)

data/templates

string

controllers.vaultwarden.containers.app.env.TIMEZONE (1)

${TZ}

string

controllers.vaultwarden.containers.app.env.TRASH_AUTO_DELETE_DAYS (1)

string

controllers.vaultwarden.containers.app.env.USER_ATTACHMENT_LIMIT (1)

string

controllers.vaultwarden.containers.app.env.USER_SEND_LIMIT (1)

string

controllers.vaultwarden.containers.app.image.repository (12)

vaultwarden/server

string

controllers.vaultwarden.containers.app.image.tag (12)

1.34.3@sha256:84fd8a47f58d79a1ad824c27be0a9492750c0fa5216b35c749863093bfa3c3d7

string

controllers.vaultwarden.containers.app.envFrom[].secretRef.name (11)

vaultwarden-secret

string

controllers.vaultwarden.containers.app.resources.limits.memory (10)

256Mi

string

controllers.vaultwarden.containers.app.resources.requests.cpu (10)

100m

string

controllers.vaultwarden.containers.app.resources.requests.memory (10)

100Mi

string

controllers.vaultwarden.containers.app.securityContext.allowPrivilegeEscalation (7)

false

boolean

controllers.vaultwarden.containers.app.securityContext.capabilities.drop[] (7)

- ALL

string

controllers.vaultwarden.containers.app.securityContext.readOnlyRootFilesystem (7)

true

boolean

controllers.vaultwarden.containers.app.probes.liveness.enabled (4)

true

boolean

controllers.vaultwarden.containers.app.probes.liveness.custom (2)

true

boolean

controllers.vaultwarden.containers.app.probes.liveness.path (2)

/alive

string

controllers.vaultwarden.containers.app.probes.liveness.spec.failureThreshold (2)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.path (2)

/alive

string

controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.port (2)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.initialDelaySeconds (2)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.periodSeconds (2)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.timeoutSeconds (2)

number

controllers.vaultwarden.containers.app.probes.liveness.type (1)

HTTPS

string

controllers.vaultwarden.containers.app.probes.readiness.enabled (4)

true

boolean

controllers.vaultwarden.containers.app.probes.readiness.custom (2)

true

boolean

controllers.vaultwarden.containers.app.probes.readiness.path (2)

/alive

string

controllers.vaultwarden.containers.app.probes.readiness.spec.failureThreshold (2)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.path (2)

/alive

string

controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.port (2)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.initialDelaySeconds (2)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.periodSeconds (2)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.timeoutSeconds (2)

number

controllers.vaultwarden.containers.app.probes.readiness.type (1)

HTTPS

string

controllers.vaultwarden.containers.app.probes.startup.enabled (2)

true

boolean

controllers.vaultwarden.containers.app.probes.startup.path (1)

/alive

string

controllers.vaultwarden.containers.app.probes.startup.spec.failureThreshold (1)

number

controllers.vaultwarden.containers.app.probes.startup.spec.periodSeconds (1)

number

controllers.vaultwarden.containers.app.probes.startup.type (1)

HTTPS

string

controllers.vaultwarden.containers.app.ports[].containerPort (1)

number

controllers.vaultwarden.containers.app.ports[].name (1)

http

string

controllers.vaultwarden.containers.vaultwarden.env.ADMIN_TOKEN (1)

${VAULTWARDEN_ADMIN_TOKEN_HASHED}

string

controllers.vaultwarden.containers.vaultwarden.env.DOMAIN (1)

https://vaultwarden.${SECRET_DOMAIN}

string

controllers.vaultwarden.containers.vaultwarden.env.INVITATIONS_ALLOWED (1)

true

string

controllers.vaultwarden.containers.vaultwarden.env.PASSWORD_HINTS_ALLOWED (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.env.SIGNUPS_ALLOWED (1)

false

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_FROM (1)

${SMTP_FROM}

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_FROM_NAME (1)

Vaultwarden

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_HOST (1)

${SMTP_MAIL_SERVER}

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_PASSWORD (1)

${SMTP_PASSWORD}

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_PORT (1)

number

controllers.vaultwarden.containers.vaultwarden.env.SMTP_SECURITY (1)

starttls

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_USERNAME (1)

${SMTP_USERNAME}

string

controllers.vaultwarden.containers.vaultwarden.env.TRASH_AUTO_DELETE_DAYS (1)

number

controllers.vaultwarden.containers.vaultwarden.env.TZ (1)

${TIMEZONE}

string

controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ADDRESS (1)

0.0.0.0

string

controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ENABLED (1)

true

string

controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_PORT (1)

number

controllers.vaultwarden.containers.vaultwarden.envFrom[].secretRef.name (1)

vaultwarden-secret

string

controllers.vaultwarden.containers.vaultwarden.image.repository (1)

vaultwarden/server

string

controllers.vaultwarden.containers.vaultwarden.image.tag (1)

1.34.3-alpine

string

controllers.vaultwarden.containers.vaultwarden.probes.liveness.enabled (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.probes.readiness.enabled (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.probes.startup.enabled (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.resources.limits.memory (1)

250Mi

string

controllers.vaultwarden.containers.vaultwarden.resources.requests.cpu (1)

10m

string

controllers.vaultwarden.containers.vaultwarden.resources.requests.memory (1)

100Mi

string

controllers.vaultwarden.annotations."reloader.stakater.com/auto" (10)

true

string

controllers.vaultwarden.annotations."secret.reloader.stakater.com/reload" (3)

internal-tls

string

controllers.vaultwarden.initContainers.init-db.envFrom[].secretRef.name (6)

vaultwarden-secret

string

controllers.vaultwarden.initContainers.init-db.image.repository (6)

ghcr.io/home-operations/postgres-init

string

controllers.vaultwarden.initContainers.init-db.image.tag (6)

number, string

controllers.vaultwarden.initContainers.init-db.image.pullPolicy (1)

IfNotPresent

string

controllers.vaultwarden.initContainers.01-init-branding.args[] (1)

- mkdir -p /data/templates; mc alias set s3 https://s3.t0m.co '' '' --api S3v4; mc cp --recursive s3/t0m-public/vaultwarden/templates/ /data/templates/

string

controllers.vaultwarden.initContainers.01-init-branding.command[] (1)

- /bin/sh
- -c

string

controllers.vaultwarden.initContainers.01-init-branding.image.repository (1)

quay.io/minio/mc

string

controllers.vaultwarden.initContainers.01-init-branding.image.tag (1)

RELEASE.2025-05-21T01-59-54Z@sha256:09f93f534cde415d192bb6084dd0e0ddd1715fb602f8a922ad121fd2bf0f8b44

string

controllers.vaultwarden.initContainers.01-init-db.envFrom[].secretRef.name (1)

vaultwarden-secret

string

controllers.vaultwarden.initContainers.01-init-db.image.pullPolicy (1)

IfNotPresent

string

controllers.vaultwarden.initContainers.01-init-db.image.repository (1)

ghcr.io/home-operations/postgres-init

string

controllers.vaultwarden.initContainers.01-init-db.image.tag (1)

17.6

number

controllers.vaultwarden.pod.securityContext.fsGroup (5)

number

controllers.vaultwarden.pod.securityContext.fsGroupChangePolicy (5)

OnRootMismatch

string

controllers.vaultwarden.pod.securityContext.runAsGroup (5)

number

controllers.vaultwarden.pod.securityContext.runAsUser (5)

number

controllers.vaultwarden.pod.securityContext.runAsNonRoot (3)

true

boolean

controllers.vaultwarden.pod.securityContext.seccompProfile.type (3)

RuntimeDefault

string

controllers.vaultwarden.pod.labels."endpoints.netpols.home.arpa/email-sender" (1)

true

string

controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-namespace" (1)

true

string

controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-world" (1)

true

string

controllers.vaultwarden.pod.labels."policy.gabe565.com/ingress-nginx" (1)

true

string

controllers.vaultwarden.pod.priorityClassName (1)

system-cluster-critical

string

controllers.vaultwarden.pod.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)

vaultwarden

string

controllers.vaultwarden.pod.topologySpreadConstraints[].maxSkew (1)

number

controllers.vaultwarden.pod.topologySpreadConstraints[].topologyKey (1)

kubernetes.io/hostname

string

controllers.vaultwarden.pod.topologySpreadConstraints[].whenUnsatisfiable (1)

DoNotSchedule

string

controllers.vaultwarden.replicas (3)

number

controllers.vaultwarden.strategy (2)

Recreate

string

controllers.vaultwarden.labels.postgres (1)

true

string

controllers.${APP}.annotations."reloader.stakater.com/auto" (1)

true

string

controllers.${APP}.containers.app.env.TZ (1)

${TIMEZONE}

string

controllers.${APP}.containers.app.image.pullPolicy (1)

IfNotPresent

string

controllers.${APP}.containers.app.image.repository (1)

ghcr.io/dani-garcia/vaultwarden

string

controllers.${APP}.containers.app.image.tag (1)

1.34.3@sha256:84fd8a47f58d79a1ad824c27be0a9492750c0fa5216b35c749863093bfa3c3d7

string

controllers.${APP}.containers.app.probes.liveness.custom (1)

true

boolean

controllers.${APP}.containers.app.probes.liveness.enabled (1)

true

boolean

controllers.${APP}.containers.app.probes.liveness.spec.failureThreshold (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.httpGet.path (1)

/alive

string

controllers.${APP}.containers.app.probes.liveness.spec.httpGet.port (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.initialDelaySeconds (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.periodSeconds (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.timeoutSeconds (1)

number

controllers.${APP}.containers.app.probes.readiness.custom (1)

true

boolean

controllers.${APP}.containers.app.probes.readiness.enabled (1)

true

boolean

controllers.${APP}.containers.app.probes.readiness.spec.failureThreshold (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.httpGet.path (1)

/alive

string

controllers.${APP}.containers.app.probes.readiness.spec.httpGet.port (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.initialDelaySeconds (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.periodSeconds (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.timeoutSeconds (1)

number

controllers.${APP}.containers.app.resources.limits.memory (1)

256Mi

string

controllers.${APP}.containers.app.resources.requests.cpu (1)

10m

string

controllers.${APP}.containers.app.resources.requests.memory (1)

64Mi

string

controllers.${APP}.containers.app.securityContext.fsGroup (1)

number

controllers.${APP}.containers.app.securityContext.fsGroupChangePolicy (1)

OnRootMismatch

string

controllers.${APP}.containers.app.securityContext.runAsGroup (1)

number

controllers.${APP}.containers.app.securityContext.runAsNonRoot (1)

true

boolean

controllers.${APP}.containers.app.securityContext.runAsUser (1)

number

controllers.${APP}.containers.app.securityContext.seccompProfile.type (1)

RuntimeDefault

string

controllers.${APP}.containers.backup.env.BACKUP_KEEP_DAYS (1)

number

controllers.${APP}.containers.backup.env.CRON (1)

0 5 * * *

string

controllers.${APP}.containers.backup.env.DATA_DIR (1)

/data

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE_CURL_OPTIONS (1)

-H 'Content-Type: application/json' -d '{"content":"❌ Vaultwarden backup failed!"}'

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.key (1)

VAULTWARDEN_BACKUP_PING_URL

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.name (1)

vaultwarden-secret

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS_CURL_OPTIONS (1)

-H 'Content-Type: application/json' -d '{"content":"✅ Vaultwarden backup completed successfully."}'

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.key (1)

VAULTWARDEN_BACKUP_PING_URL

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.name (1)

vaultwarden-secret

string

controllers.${APP}.containers.backup.env.RCLONE_CONFIG (1)

/data/rclone.conf

string

controllers.${APP}.containers.backup.env.RCLONE_REMOTE_DIR (1)

/Vaultwarden-k3s/

string

controllers.${APP}.containers.backup.env.RCLONE_REMOTE_NAME (1)

Google Drive

string

controllers.${APP}.containers.backup.env.RCLONE_TEMP_DIR (1)

/data/

string

controllers.${APP}.containers.backup.env.TIMEZONE (1)

${TIMEZONE}

string

controllers.${APP}.containers.backup.env.ZIP_ENABLE (1)

true

boolean

controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.key (1)

VAULTWARDEN_BACKUP_ZIP_PASSWORD

string

controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.name (1)

vaultwarden-secret

string

controllers.${APP}.containers.backup.image.pullPolicy (1)

IfNotPresent

string

controllers.${APP}.containers.backup.image.repository (1)

ghcr.io/ttionya/vaultwarden-backup

string

controllers.${APP}.containers.backup.image.tag (1)

1.25.1@sha256:cb781ec8f0d330a42a1fd2ee7910926c650b7bc52b6e8c6b60b60bead46d44a1

string

controllers.${APP}.containers.backup.nameOverride (1)

backup

string

controllers.${APP}.containers.backup.resources.limits.memory (1)

256Mi

string

controllers.${APP}.containers.backup.resources.requests.cpu (1)

10m

string

controllers.${APP}.containers.backup.resources.requests.memory (1)

64Mi

string

controllers.${APP}.containers.backup.securityContext.fsGroup (1)

number

controllers.${APP}.containers.backup.securityContext.readOnlyRootFilesystem (1)

false

boolean

controllers.${APP}.enabled (1)

true

boolean

controllers.${APP}.replicas (1)

number

controllers.${APP}.type (1)

deployment

string

controllers.main.containers.main.env.DATA_FOLDER (1)

config

string

controllers.main.containers.main.env.DOMAIN (1)

https://vault.${SECRET_DOMAIN}

string

controllers.main.containers.main.env.SIGNUPS_ALLOWED (1)

false

boolean

controllers.main.containers.main.env.TZ (1)

${TIMEZONE}

string

controllers.main.containers.main.env.WEBSOCKET_ADDRESS (1)

0.0.0.0

string

controllers.main.containers.main.env.WEBSOCKET_ENABLED (1)

true

boolean

controllers.main.containers.main.env.WEBSOCKET_PORT (1)

number

controllers.main.containers.main.envFrom[].secretRef.name (1)

vaultwarden

string

controllers.main.containers.main.image.repository (1)

docker.io/vaultwarden/server

string

controllers.main.containers.main.image.tag (1)

1.34.3-alpine@sha256:d70118b9dafb8588ee2651ceb5df68db27dcbd8e18467722010644ba48d5d6d6

string

controllers.main.containers.main.resources.limits.memory (1)

100Mi

string

controllers.main.containers.main.resources.requests.cpu (1)

15m

string

controllers.main.containers.main.resources.requests.memory (1)

100Mi

string

controllers.main.pod.securityContext.fsGroup (1)

number

controllers.main.pod.securityContext.fsGroupChangePolicy (1)

OnRootMismatch

string

controllers.main.pod.securityContext.runAsGroup (1)

number

controllers.main.pod.securityContext.runAsUser (1)

number

controllers.main.pod.securityContext.supplementalGroups[] (1)

- "100"

number

service.app.ports.http.port (12)

number

service.app.ports.websocket.enabled (2)

true

boolean

service.app.ports.websocket.port (2)

number

service.app.controller (10)

vaultwarden

string

service.app.sessionAffinity (1)

ClientIP

string

service.app.sessionAffinityConfig.clientIP.timeoutSeconds (1)

number

service.vaultwarden.controller (2)

vaultwarden

string

service.vaultwarden.ports.http.port (2)

number

service.main.controller (1)

main

string

service.main.ports.http.port (1)

number

service.main.ports.websocket.enabled (1)

true

boolean

service.main.ports.websocket.port (1)

number

ingress.app.hosts[].host (8)

vault.${SECRET_DOMAIN}

string

ingress.app.hosts[].paths[].path (8)

string

ingress.app.hosts[].paths[].service.identifier (8)

app

string

ingress.app.hosts[].paths[].service.port (8)

http

string, number

ingress.app.hosts[].paths[].pathType (1)

Prefix

string

ingress.app.className (7)

external

string

ingress.app.annotations."external-dns.alpha.kubernetes.io/target" (4)

external.${SECRET_DOMAIN}

string

ingress.app.annotations."gethomepage.dev/enabled" (2)

true

string

ingress.app.annotations."gethomepage.dev/group" (2)

Infrastructure

string

ingress.app.annotations."gethomepage.dev/icon" (2)

vaultwarden.svg

string

ingress.app.annotations."gethomepage.dev/name" (2)

Vaultwarden

string

ingress.app.annotations."traefik.ingress.kubernetes.io/router.middlewares" (2)

networking-traefik-middleware-chain-no-auth@kubernetescrd

string

ingress.app.annotations."cert-manager.io/cluster-issuer" (1)

letsencrypt-production

string

ingress.app.annotations."external-dns.home.arpa/enabled" (1)

true

string

ingress.app.annotations."gethomepage.dev/description" (1)

Password Management

string

ingress.app.annotations."gethomepage.dev/pod-selector" (1)

app.kubernetes.io/name=vaultwarden

string

ingress.app.annotations."gethomepage.dev/siteMonitor" (1)

http://${APP}.security.svc.cluster.local:80

string

ingress.app.annotations."hajimari.io/enable" (1)

true

string

ingress.app.annotations."hajimari.io/group" (1)

Authentication

string

ingress.app.annotations."hajimari.io/icon" (1)

cbi:vaultwarden

string

ingress.app.annotations."hajimari.io/name" (1)

Vaultwarden

string

ingress.app.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)

websecure

string

ingress.app.tls[].hosts[] (4)

- vault.${SECRET_DOMAIN}

string

ingress.app.tls[].secretName (3)

${SECRET_DOMAIN/./-}-tls

string

ingress.app.enabled (3)

true

boolean

ingress.admin.hosts[].host (4)

${app_url}

string

ingress.admin.hosts[].paths[].path (4)

/admin

string

ingress.admin.hosts[].paths[].service.identifier (4)

app

string

ingress.admin.hosts[].paths[].service.port (4)

http

string

ingress.admin.hosts[].paths[].pathType (1)

ImplementationSpecific

string

ingress.admin.enabled (3)

true

boolean

ingress.admin.tls[].hosts[] (3)

- ${app_url}

string

ingress.admin.tls[].secretName (3)

${certificate_name}

string

ingress.admin.annotations."traefik.ingress.kubernetes.io/router.middlewares" (2)

networking-traefik-middleware-chain-tinyauth@kubernetescrd

string

ingress.admin.annotations."auth.home.arpa/enabled" (1)

true

string

ingress.admin.annotations."external-dns.alpha.kubernetes.io/exclude" (1)

true

string

ingress.admin.annotations."external-dns.home.arpa/enabled" (1)

true

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-response-headers" (1)

Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-signin" (1)

https://$host/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-snippet" (1)

proxy_set_header X-Forwarded-Host $http_host;

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-url" (1)

http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/backend-protocol" (1)

HTTPS

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/custom-http-errors" (1)

500,501,502,503,504,505,506,510

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" (1)

10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

string

ingress.admin.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)

websecure

string

ingress.admin.className (2)

external

string

ingress.main.annotations."cert-manager.io/cluster-issuer" (1)

letsencrypt-production

string

ingress.main.annotations.external-dns/is-public (1)

true

string

ingress.main.annotations."gethomepage.dev/description" (1)

Open Source Password Manager.

string

ingress.main.annotations."gethomepage.dev/enabled" (1)

true

string

ingress.main.annotations."gethomepage.dev/group" (1)

Security

string

ingress.main.annotations."gethomepage.dev/icon" (1)

vaultwarden

string

ingress.main.annotations."gethomepage.dev/name" (1)

Vaultwarden

string

ingress.main.className (1)

external

string

ingress.main.hosts[].host (1)

vault.${SECRET_DOMAIN}

string

ingress.main.hosts[].paths[].path (1)

/
/notifications/hub
/notifications/hub/negotiate

string

ingress.main.hosts[].paths[].pathType (1)

Prefix
Prefix

string

ingress.main.hosts[].paths[].service.identifier (1)

main
main
main

string

ingress.main.hosts[].paths[].service.port (1)

http
websocket
http

string

ingress.main.tls[].hosts[] (1)

- vault.${SECRET_DOMAIN}

string

ingress.main.tls[].secretName (1)

vault-tls

string

ingress.vaultwarden.annotations."nginx.ingress.kubernetes.io/backend-protocol" (1)

HTTPS

string

ingress.vaultwarden.enabled (1)

true

boolean

ingress.vaultwarden.hosts[].host (1)

${app_url}

string

ingress.vaultwarden.hosts[].paths[].path (1)

string

ingress.vaultwarden.hosts[].paths[].service.identifier (1)

vaultwarden

string

ingress.vaultwarden.hosts[].paths[].service.port (1)

http

string

ingress.vaultwarden.tls[].hosts[] (1)

- ${app_url}

string

ingress.vaultwarden.tls[].secretName (1)

${certificate_name}

string

persistence.config.existingClaim (7)

vaultwarden

string

persistence.config.globalMounts[].path (6)

/data

string

persistence.config.enabled (2)

true

boolean

persistence.data.accessMode (3)

ReadWriteOnce

string

persistence.data.enabled (3)

true

boolean

persistence.data.existingClaim (3)

vaultwarden

string

persistence.data.size (3)

8Gi

string

persistence.data.storageClass (3)

longhorn-ssd

string

persistence.data.type (3)

persistentVolumeClaim

string

persistence.data.globalMounts[].path (2)

/data

string

persistence.data.globalMounts[].subPath (1)

vaultwarden

string

persistence.data.retain (2)

true

boolean

persistence.data.advancedMounts.vaultwarden.app[].path (1)

/data

string

persistence.data.path (1)

/volume1/apps/identity

string

persistence.data.server (1)

${NFS_SERVER}

string

persistence.data.suffix (1)

data

string

persistence.env.advancedMounts.${APP}.app[].path (1)

/.env

string

persistence.env.advancedMounts.${APP}.app[].readOnly (1)

true

boolean

persistence.env.advancedMounts.${APP}.app[].subPath (1)

.env

string

persistence.env.enabled (1)

true

boolean

persistence.env.items[].key (1)

.env

string

persistence.env.items[].path (1)

.env

string

persistence.env.name (1)

vaultwarden-secret

string

persistence.env.type (1)

secret

string

persistence.postgres-serving-cert.advancedMounts.vaultwarden.app[].path (1)

/certs/postgres/serving

string

persistence.postgres-serving-cert.defaultMode (1)

number

persistence.postgres-serving-cert.items[].key (1)

ca.crt

string

persistence.postgres-serving-cert.items[].path (1)

ca.crt

string

persistence.postgres-serving-cert.name (1)

vaultwarden-postgres-17-serving-cert

string

persistence.postgres-serving-cert.type (1)

secret

string

persistence.postgres-user-cert.advancedMounts.vaultwarden.app[].path (1)

/certs/postgres/user

string

persistence.postgres-user-cert.defaultMode (1)

number

persistence.postgres-user-cert.items[].key (1)

tls.crt
tls.key

string

persistence.postgres-user-cert.items[].path (1)

tls.crt
tls.key

string

persistence.postgres-user-cert.name (1)

vaultwarden-postgres-vaultwarden-user

string

persistence.postgres-user-cert.type (1)

secret

string

persistence.tls.enabled (1)

true

boolean

persistence.tls.name (1)

internal-tls

string

persistence.tls.type (1)

secret

string

route.app.hostnames[] (3)

- {{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}

string

route.app.parentRefs[].name (3)

external

string

route.app.parentRefs[].namespace (3)

network

string

route.app.parentRefs[].sectionName (3)

https

string

route.app.rules[].backendRefs[].name (2)

vaultwarden

string

route.app.rules[].backendRefs[].port (2)

number

route.main.enabled (1)

true

boolean

route.main.hostnames[] (1)

- vaultwarden.${SECRET_DOMAIN}

string

route.main.kind (1)

HTTPRoute

string

route.main.parentRefs[].kind (1)

Gateway

string

route.main.parentRefs[].name (1)

internal

string

route.main.parentRefs[].namespace (1)

network

string

route.main.parentRefs[].sectionName (1)

websecure

string

route.main.rules[].backendRefs[].name (1)

vaultwarden

string

route.main.rules[].backendRefs[].port (1)

number

route.main.rules[].matches[].path.type (1)

PathPrefix

string

route.main.rules[].matches[].path.value (1)

string

defaultPodOptions.securityContext.runAsGroup (2)

number

defaultPodOptions.securityContext.runAsNonRoot (2)

true

boolean

defaultPodOptions.securityContext.runAsUser (2)

number

defaultPodOptions.securityContext.fsGroup (1)

number

defaultPodOptions.securityContext.fsGroupChangePolicy (1)

OnRootMismatch

string

podAnnotations."secret.reloader.stakater.com/reload" (1)

vaultwarden

string

vaultwarden helm

Install

Examples

Top Repositories (3 out of 15)

Values