vaultwarden helm release

Key	Types
service.app.ports.http.port (14) `80`	number
service.app.ports.http.protocol (1) `HTTP`	string
service.app.ports.websocket.enabled (2) `true`	boolean
service.app.ports.websocket.port (2) `3012`	number
service.app.ports.anubis.port (1) `8923`	number
service.app.controller (10) `vaultwarden`	string
service.app.sessionAffinity (1) `ClientIP`	string
service.app.sessionAffinityConfig.clientIP.timeoutSeconds (1) `10800`	number
service.vaultwarden.controller (2) `vaultwarden`	string
service.vaultwarden.ports.http.port (2) `8080`	number
service.main.controller (1) `main`	string
service.main.ports.http.port (1) `80`	number
service.main.ports.websocket.enabled (1) `true`	boolean
service.main.ports.websocket.port (1) `3012`	number
controllers.vaultwarden.containers.app.env.DOMAIN (13) `https://vault.${SECRET_DOMAIN}`	string
controllers.vaultwarden.containers.app.env.SIGNUPS_ALLOWED (12) `false`	string, boolean
controllers.vaultwarden.containers.app.env.TZ (11) `${TIMEZONE}`	string
controllers.vaultwarden.containers.app.env.SMTP_FROM (10) `vaultwarden@${SECRET_DOMAIN}`	string
controllers.vaultwarden.containers.app.env.SMTP_HOST (10) `smtp-relay.networking.svc.cluster.local`	string
controllers.vaultwarden.containers.app.env.SMTP_SECURITY (10) `off`	string
controllers.vaultwarden.containers.app.env.SMTP_PORT (9) `25`	string, number
controllers.vaultwarden.containers.app.env.SMTP_FROM_NAME (7) `Vaultwarden`	string
controllers.vaultwarden.containers.app.env.WEBSOCKET_ENABLED (7) `true`	boolean, string
controllers.vaultwarden.containers.app.env.DATA_FOLDER (5) `data`	string
controllers.vaultwarden.containers.app.env.ATTACHMENTS_FOLDER (4) `data/attachments`	string
controllers.vaultwarden.containers.app.env.ICON_CACHE_FOLDER (4) `data/icon_cache`	string
controllers.vaultwarden.containers.app.env.PUSH_ENABLED (4) `true`	string, boolean
controllers.vaultwarden.containers.app.env.ROCKET_PORT (3) `8080`	string, number
controllers.vaultwarden.containers.app.env.SHOW_PASSWORD_HINT (3) `false`	boolean, string
controllers.vaultwarden.containers.app.env.SSO_AUTHORITY (3) `https://auth.${SECRET_DOMAIN}/application/o/vaultwarden/`	string
controllers.vaultwarden.containers.app.env.SSO_ENABLED (3) `true`	string, boolean
controllers.vaultwarden.containers.app.env.EXPERIMENTAL_CLIENT_FEATURE_FLAGS (2) `ssh-key-vault-item,ssh-agent`	string
controllers.vaultwarden.containers.app.env.INVITATIONS_ALLOWED (2) `false`	string, boolean
controllers.vaultwarden.containers.app.env.IP_HEADER (2) `X-Forwarded-For`	string
controllers.vaultwarden.containers.app.env.SSO_ONLY (2) `true`	string
controllers.vaultwarden.containers.app.env.SSO_SCOPES (2) `openid profile email offline_access`	string
controllers.vaultwarden.containers.app.env.WEBSOCKET_ADDRESS (2) `0.0.0.0`	string
controllers.vaultwarden.containers.app.env.ADMIN_TOKEN (1) `${admin_token}`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.key (1) `uri`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.name (1) `postgresql-app`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL.valueFrom.secretKeyRef.key (1) `url`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL.valueFrom.secretKeyRef.name (1) `{{ .Release.Name }}-postgres`	string
controllers.vaultwarden.containers.app.env.DATABASE_URL (1) `postgresql://vaultwarden@vaultwarden-postgres-17-rw.security.svc:5432/vaultwarden?sslrootcert=/certs/postgres/serving/ca.crt&sslcert=/certs/postgres/user/tls.crt&sslkey=/certs/postgres/user/tls.key&sslmode=verify-full`	string
controllers.vaultwarden.containers.app.env.DISABLE_ADMIN_TOKEN (1) `false`	boolean
controllers.vaultwarden.containers.app.env.EMAIL_2FA_AUTO_FALLBACK (1) `true`	string
controllers.vaultwarden.containers.app.env.EMAIL_CHANGE_ALLOWED (1) `true`	string
controllers.vaultwarden.containers.app.env.EVENTS_DAYS_RETAIN (1) `730`	string
controllers.vaultwarden.containers.app.env.LOGIN_RATELIMIT_MAX_BURST (1) `2`	string
controllers.vaultwarden.containers.app.env.ORG_ATTACHMENT_LIMIT (1) `1000000`	string
controllers.vaultwarden.containers.app.env.ORG_EVENTS_ENABLED (1) `true`	string
controllers.vaultwarden.containers.app.env.PASSWORD_ITERATIONS (1) `321000`	string
controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_ID (1) `${push_installation_id}`	string
controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_KEY (1) `${push_installation_key}`	string
controllers.vaultwarden.containers.app.env.REQUIRE_DEVICE_EMAIL (1) `true`	string
controllers.vaultwarden.containers.app.env.ROCKET_ADDRESS (1) `::`	string
controllers.vaultwarden.containers.app.env.SENDS_ALLOWED (1) `true`	boolean
controllers.vaultwarden.containers.app.env.SENDS_FOLDER (1) `config/sends`	string
controllers.vaultwarden.containers.app.env.SIGNUPS_VERIFY (1) `true`	string
controllers.vaultwarden.containers.app.env.SMTP_EXPLICIT_TLS (1) `true`	string
controllers.vaultwarden.containers.app.env.SMTP_PASSWORD.valueFrom.secretKeyRef.key (1) `password`	string
controllers.vaultwarden.containers.app.env.SMTP_PASSWORD.valueFrom.secretKeyRef.name (1) `vaultwarden-migadu`	string
controllers.vaultwarden.containers.app.env.SMTP_SSL (1) `true`	string
controllers.vaultwarden.containers.app.env.SMTP_TIMEOUT (1) `15`	number
controllers.vaultwarden.containers.app.env.SMTP_USERNAME (1) `vaultwarden@${SECRET_DOMAIN}`	string
controllers.vaultwarden.containers.app.env.SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION (1) `false`	string
controllers.vaultwarden.containers.app.env.SSO_CLIENT_ID (1) `vaultwarden`	string
controllers.vaultwarden.containers.app.env.SSO_CLIENT_SECRET.valueFrom.secretKeyRef.key (1) `client-secret`	string
controllers.vaultwarden.containers.app.env.SSO_CLIENT_SECRET.valueFrom.secretKeyRef.name (1) `kanidm-${APP}-oidc`	string
controllers.vaultwarden.containers.app.env.SSO_PKCE (1) `true`	string
controllers.vaultwarden.containers.app.env.SSO_SIGNUPS_MATCH_EMAIL (1) `true`	string
controllers.vaultwarden.containers.app.env.TIMEZONE (1) `${TZ}`	string
controllers.vaultwarden.containers.app.env.USER_ATTACHMENT_LIMIT (1) `1000000`	string
controllers.vaultwarden.containers.app.env.USER_SEND_LIMIT (1) `1000000`	string
controllers.vaultwarden.containers.app.env.WEB_VAULT_ENABLED (1) `true`	string
controllers.vaultwarden.containers.app.env.WEBSOCKET_PORT (1) `3012`	number
controllers.vaultwarden.containers.app.image.repository (13) `vaultwarden/server`	string
controllers.vaultwarden.containers.app.image.tag (13) `1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664`	string
controllers.vaultwarden.containers.app.envFrom[].secretRef.name (12) `vaultwarden-secret`	string
controllers.vaultwarden.containers.app.resources.limits.memory (11) `256Mi`	string
controllers.vaultwarden.containers.app.resources.requests.cpu (11) `100m`	string
controllers.vaultwarden.containers.app.resources.requests.memory (11) `100Mi`	string
controllers.vaultwarden.containers.app.securityContext.allowPrivilegeEscalation (11) `false`	boolean
controllers.vaultwarden.containers.app.securityContext.capabilities.drop[] (11) `- ALL`	string
controllers.vaultwarden.containers.app.securityContext.readOnlyRootFilesystem (11) `true`	boolean
controllers.vaultwarden.containers.app.probes.liveness.enabled (5) `true`	boolean
controllers.vaultwarden.containers.app.probes.liveness.custom (3) `true`	boolean
controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.path (3) `/alive`	string
controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.port (3) `80`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.failureThreshold (2) `3`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.initialDelaySeconds (2) `0`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.periodSeconds (2) `10`	number
controllers.vaultwarden.containers.app.probes.liveness.spec.timeoutSeconds (2) `1`	number
controllers.vaultwarden.containers.app.probes.liveness.path (2) `/alive`	string
controllers.vaultwarden.containers.app.probes.liveness.type (1) `HTTP`	string
controllers.vaultwarden.containers.app.probes.readiness.enabled (5) `true`	boolean
controllers.vaultwarden.containers.app.probes.readiness.custom (3) `true`	boolean
controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.path (3) `/alive`	string
controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.port (3) `80`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.failureThreshold (2) `3`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.initialDelaySeconds (2) `0`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.periodSeconds (2) `10`	number
controllers.vaultwarden.containers.app.probes.readiness.spec.timeoutSeconds (2) `1`	number
controllers.vaultwarden.containers.app.probes.readiness.path (2) `/alive`	string
controllers.vaultwarden.containers.app.probes.readiness.type (1) `HTTP`	string
controllers.vaultwarden.containers.app.probes.startup.enabled (1) `true`	boolean
controllers.vaultwarden.containers.app.probes.startup.path (1) `/alive`	string
controllers.vaultwarden.containers.app.probes.startup.spec.failureThreshold (1) `30`	number
controllers.vaultwarden.containers.app.probes.startup.spec.periodSeconds (1) `5`	number
controllers.vaultwarden.containers.app.probes.startup.type (1) `HTTP`	string
controllers.vaultwarden.containers.app.ports[].containerPort (1) `80`	number
controllers.vaultwarden.containers.app.ports[].name (1) `http`	string
controllers.vaultwarden.containers.anubis.env.BIND (1) `:8923`	string
controllers.vaultwarden.containers.anubis.env.COOKIE_DOMAIN (1) `${MAIN_DOMAIN}`	string
controllers.vaultwarden.containers.anubis.env.DIFFICULTY (1) `4`	string
controllers.vaultwarden.containers.anubis.env.ED25519_PRIVATE_KEY_HEX (1) `${ANUBIS_ED25519_PRIVATE_KEY_HEX}`	string
controllers.vaultwarden.containers.anubis.env.METRICS_BIND (1) `:8924`	string
controllers.vaultwarden.containers.anubis.env.SERVE_ROBOTS_TXT (1) `true`	string
controllers.vaultwarden.containers.anubis.env.TARGET (1) `http://localhost:80`	string
controllers.vaultwarden.containers.anubis.env.TZ (1) `${TIMEZONE}`	string
controllers.vaultwarden.containers.anubis.image.repository (1) `ghcr.io/techarohq/anubis`	string
controllers.vaultwarden.containers.anubis.image.tag (1) `v1.25.0`	string
controllers.vaultwarden.containers.anubis.resources.limits.memory (1) `256Mi`	string
controllers.vaultwarden.containers.anubis.resources.requests.cpu (1) `50m`	string
controllers.vaultwarden.containers.anubis.resources.requests.memory (1) `32Mi`	string
controllers.vaultwarden.containers.anubis.securityContext.allowPrivilegeEscalation (1) `false`	boolean
controllers.vaultwarden.containers.anubis.securityContext.capabilities.drop[] (1) `- ALL`	string
controllers.vaultwarden.containers.anubis.securityContext.readOnlyRootFilesystem (1) `true`	boolean
controllers.vaultwarden.containers.anubis.securityContext.runAsGroup (1) `1000`	number
controllers.vaultwarden.containers.anubis.securityContext.runAsNonRoot (1) `true`	boolean
controllers.vaultwarden.containers.anubis.securityContext.runAsUser (1) `1000`	number
controllers.vaultwarden.containers.backups.env.BACKUP_DIR (1) `/backups`	string
controllers.vaultwarden.containers.backups.env.BACKUP_ON_STARTUP (1) `true`	boolean
controllers.vaultwarden.containers.backups.env.CRON_TIME (1) `0 * * * *`	string
controllers.vaultwarden.containers.backups.env.DELETE_AFTER (1) `30`	number
controllers.vaultwarden.containers.backups.env.ENCRYPTION_PASSWORD.valueFrom.secretKeyRef.key (1) `VAULTWARDEN_BACKUP_PASS`	string
controllers.vaultwarden.containers.backups.env.ENCRYPTION_PASSWORD.valueFrom.secretKeyRef.name (1) `{{ .Release.Name }}-secret`	string
controllers.vaultwarden.containers.backups.env.GID (1) `0`	number
controllers.vaultwarden.containers.backups.env.TIMESTAMP (1) `true`	boolean
controllers.vaultwarden.containers.backups.env.UID (1) `0`	number
controllers.vaultwarden.containers.backups.image.repository (1) `bruceforce/vaultwarden-backup`	string
controllers.vaultwarden.containers.backups.image.tag (1) `2.1.4@sha256:ede1b229a2dd54af59cda87c086707274ae4073ecd2bde1a8ed9b1281ddc553e`	string
controllers.vaultwarden.containers.vaultwarden.env.ADMIN_TOKEN (1) `${VAULTWARDEN_ADMIN_TOKEN_HASHED}`	string
controllers.vaultwarden.containers.vaultwarden.env.DOMAIN (1) `https://vaultwarden.jnobrega.com`	string
controllers.vaultwarden.containers.vaultwarden.env.INVITATIONS_ALLOWED (1) `true`	string
controllers.vaultwarden.containers.vaultwarden.env.PASSWORD_HINTS_ALLOWED (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.env.SIGNUPS_ALLOWED (1) `false`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_FROM_NAME (1) `Vaultwarden`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_HOST (1) `mail.gmx.com`	string
controllers.vaultwarden.containers.vaultwarden.env.SMTP_PORT (1) `587`	number
controllers.vaultwarden.containers.vaultwarden.env.SMTP_SECURITY (1) `starttls`	string
controllers.vaultwarden.containers.vaultwarden.env.TRASH_AUTO_DELETE_DAYS (1) `7`	number
controllers.vaultwarden.containers.vaultwarden.env.TZ (1) `Europe/Lisbon`	string
controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ADDRESS (1) `0.0.0.0`	string
controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ENABLED (1) `true`	string
controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_PORT (1) `3012`	number
controllers.vaultwarden.containers.vaultwarden.envFrom[].secretRef.name (1) `vaultwarden-secret`	string
controllers.vaultwarden.containers.vaultwarden.image.repository (1) `vaultwarden/server`	string
controllers.vaultwarden.containers.vaultwarden.image.tag (1) `1.35.3-alpine@sha256:c40957876ec13c1cb0d2b08f86e8f738e6d06f7460bad9cdae216cded174c10d`	string
controllers.vaultwarden.containers.vaultwarden.probes.liveness.enabled (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.probes.readiness.enabled (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.probes.startup.enabled (1) `false`	boolean
controllers.vaultwarden.containers.vaultwarden.resources.limits.memory (1) `250Mi`	string
controllers.vaultwarden.containers.vaultwarden.resources.requests.cpu (1) `10m`	string
controllers.vaultwarden.containers.vaultwarden.resources.requests.memory (1) `100Mi`	string
controllers.vaultwarden.annotations."reloader.stakater.com/auto" (11) `true`	string
controllers.vaultwarden.initContainers.init-db.envFrom[].secretRef.name (7) `vaultwarden-secret`	string
controllers.vaultwarden.initContainers.init-db.image.repository (7) `ghcr.io/home-operations/postgres-init`	string
controllers.vaultwarden.initContainers.init-db.image.tag (7) `18`	string, number
controllers.vaultwarden.initContainers.init-db.image.pullPolicy (2) `IfNotPresent`	string
controllers.vaultwarden.initContainers.init-db.env.INIT_POSTGRES_SUPER_PASS.valueFrom.secretKeyRef.key (1) `password`	string
controllers.vaultwarden.initContainers.init-db.env.INIT_POSTGRES_SUPER_PASS.valueFrom.secretKeyRef.name (1) `household-postgres-superuser`	string
controllers.vaultwarden.pod.securityContext.fsGroup (7) `1000`	number
controllers.vaultwarden.pod.securityContext.fsGroupChangePolicy (7) `OnRootMismatch`	string
controllers.vaultwarden.pod.securityContext.runAsGroup (7) `1000`	number
controllers.vaultwarden.pod.securityContext.runAsUser (7) `1000`	number
controllers.vaultwarden.pod.securityContext.runAsNonRoot (6) `true`	boolean
controllers.vaultwarden.pod.securityContext.seccompProfile.type (5) `RuntimeDefault`	string
controllers.vaultwarden.pod.annotations."reloader.stakater.com/auto" (1) `true`	string
controllers.vaultwarden.pod.labels."endpoints.netpols.home.arpa/email-sender" (1) `true`	string
controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-namespace" (1) `true`	string
controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-world" (1) `true`	string
controllers.vaultwarden.pod.labels."policy.gabe565.com/ingress-envoy-public" (1) `true`	string
controllers.vaultwarden.pod.priorityClassName (1) `system-cluster-critical`	string
controllers.vaultwarden.pod.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1) `vaultwarden`	string
controllers.vaultwarden.pod.topologySpreadConstraints[].maxSkew (1) `1`	number
controllers.vaultwarden.pod.topologySpreadConstraints[].topologyKey (1) `kubernetes.io/hostname`	string
controllers.vaultwarden.pod.topologySpreadConstraints[].whenUnsatisfiable (1) `DoNotSchedule`	string
controllers.vaultwarden.replicas (3) `2`	number
controllers.vaultwarden.labels.postgres (1) `true`	string
controllers.vaultwarden.strategy (1) `Recreate`	string
controllers.${APP}.annotations."reloader.stakater.com/auto" (1) `true`	string
controllers.${APP}.containers.app.env.TZ (1) `${TIMEZONE}`	string
controllers.${APP}.containers.app.image.pullPolicy (1) `IfNotPresent`	string
controllers.${APP}.containers.app.image.repository (1) `ghcr.io/dani-garcia/vaultwarden`	string
controllers.${APP}.containers.app.image.tag (1) `1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664`	string
controllers.${APP}.containers.app.probes.liveness.custom (1) `true`	boolean
controllers.${APP}.containers.app.probes.liveness.enabled (1) `true`	boolean
controllers.${APP}.containers.app.probes.liveness.spec.failureThreshold (1) `3`	number
controllers.${APP}.containers.app.probes.liveness.spec.httpGet.path (1) `/alive`	string
controllers.${APP}.containers.app.probes.liveness.spec.httpGet.port (1) `80`	number
controllers.${APP}.containers.app.probes.liveness.spec.initialDelaySeconds (1) `0`	number
controllers.${APP}.containers.app.probes.liveness.spec.periodSeconds (1) `10`	number
controllers.${APP}.containers.app.probes.liveness.spec.timeoutSeconds (1) `1`	number
controllers.${APP}.containers.app.probes.readiness.custom (1) `true`	boolean
controllers.${APP}.containers.app.probes.readiness.enabled (1) `true`	boolean
controllers.${APP}.containers.app.probes.readiness.spec.failureThreshold (1) `3`	number
controllers.${APP}.containers.app.probes.readiness.spec.httpGet.path (1) `/alive`	string
controllers.${APP}.containers.app.probes.readiness.spec.httpGet.port (1) `80`	number
controllers.${APP}.containers.app.probes.readiness.spec.initialDelaySeconds (1) `0`	number
controllers.${APP}.containers.app.probes.readiness.spec.periodSeconds (1) `10`	number
controllers.${APP}.containers.app.probes.readiness.spec.timeoutSeconds (1) `1`	number
controllers.${APP}.containers.app.resources.limits.memory (1) `256Mi`	string
controllers.${APP}.containers.app.resources.requests.cpu (1) `10m`	string
controllers.${APP}.containers.app.resources.requests.memory (1) `64Mi`	string
controllers.${APP}.containers.app.securityContext.fsGroup (1) `1000`	number
controllers.${APP}.containers.app.securityContext.fsGroupChangePolicy (1) `OnRootMismatch`	string
controllers.${APP}.containers.app.securityContext.runAsGroup (1) `1000`	number
controllers.${APP}.containers.app.securityContext.runAsNonRoot (1) `true`	boolean
controllers.${APP}.containers.app.securityContext.runAsUser (1) `1000`	number
controllers.${APP}.containers.app.securityContext.seccompProfile.type (1) `RuntimeDefault`	string
controllers.${APP}.containers.backup.env.BACKUP_KEEP_DAYS (1) `30`	number
controllers.${APP}.containers.backup.env.CRON (1) `0 5 * * *`	string
controllers.${APP}.containers.backup.env.DATA_DIR (1) `/data`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE_CURL_OPTIONS (1) `-H 'Content-Type: application/json' -d '{"content":"❌ Vaultwarden backup failed!"}'`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.key (1) `VAULTWARDEN_BACKUP_PING_URL`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.name (1) `vaultwarden-secret`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS_CURL_OPTIONS (1) `-H 'Content-Type: application/json' -d '{"content":"✅ Vaultwarden backup completed successfully."}'`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.key (1) `VAULTWARDEN_BACKUP_PING_URL`	string
controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.name (1) `vaultwarden-secret`	string
controllers.${APP}.containers.backup.env.RCLONE_CONFIG (1) `/data/rclone.conf`	string
controllers.${APP}.containers.backup.env.RCLONE_REMOTE_DIR (1) `/Vaultwarden-k3s/`	string
controllers.${APP}.containers.backup.env.RCLONE_REMOTE_NAME (1) `Google Drive`	string
controllers.${APP}.containers.backup.env.RCLONE_TEMP_DIR (1) `/data/`	string
controllers.${APP}.containers.backup.env.TIMEZONE (1) `${TIMEZONE}`	string
controllers.${APP}.containers.backup.env.ZIP_ENABLE (1) `true`	boolean
controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.key (1) `VAULTWARDEN_BACKUP_ZIP_PASSWORD`	string
controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.name (1) `vaultwarden-secret`	string
controllers.${APP}.containers.backup.image.pullPolicy (1) `IfNotPresent`	string
controllers.${APP}.containers.backup.image.repository (1) `ghcr.io/ttionya/vaultwarden-backup`	string
controllers.${APP}.containers.backup.image.tag (1) `1.26.2@sha256:a0e4993de7d9cef214e2c2d458002317c02f12be59d736ed7baf57fff7086645`	string
controllers.${APP}.containers.backup.nameOverride (1) `backup`	string
controllers.${APP}.containers.backup.resources.limits.memory (1) `256Mi`	string
controllers.${APP}.containers.backup.resources.requests.cpu (1) `10m`	string
controllers.${APP}.containers.backup.resources.requests.memory (1) `64Mi`	string
controllers.${APP}.containers.backup.securityContext.fsGroup (1) `1000`	number
controllers.${APP}.containers.backup.securityContext.readOnlyRootFilesystem (1) `false`	boolean
controllers.${APP}.enabled (1) `true`	boolean
controllers.${APP}.replicas (1) `1`	number
controllers.${APP}.type (1) `deployment`	string
controllers.app.containers.app.env.ADMIN_TOKEN (1) `${VAULTWARDEN_ADMIN_TOKEN}`	string
controllers.app.containers.app.env.DATABASE_URL (1) `postgresql://vaultwarden:${POSTGRES_VAULTWARDEN_PASSWORD}@${POSTGRES_ADDRESS}`	string
controllers.app.containers.app.env.DOMAIN (1) `https://warden.${CLUSTER_DOMAIN}`	string
controllers.app.containers.app.env.SIGNUPS_ALLOWED (1) `false`	string
controllers.app.containers.app.env.SMTP_FROM (1) `vaultwarden@${CLUSTER_DOMAIN}`	string
controllers.app.containers.app.env.SMTP_FROM_NAME (1) `Vaultwarden`	string
controllers.app.containers.app.env.SMTP_HOST (1) `${SMTP_HOSTNAME}`	string
controllers.app.containers.app.env.SMTP_PASSWORD (1) `${SMTP_PASSWORD}`	string
controllers.app.containers.app.env.SMTP_PORT (1) `${SMTP_PORT}`	string
controllers.app.containers.app.env.SMTP_SECURITY (1) `${SMTP_SECURITY}`	string
controllers.app.containers.app.env.SMTP_USERNAME (1) `${SMTP_USERNAME}`	string
controllers.app.containers.app.image.repository (1) `ghcr.io/dani-garcia/vaultwarden`	string
controllers.app.containers.app.image.tag (1) `1.35.3-alpine@sha256:c40957876ec13c1cb0d2b08f86e8f738e6d06f7460bad9cdae216cded174c10d`	string
controllers.main.containers.main.env.DATA_FOLDER (1) `config`	string
controllers.main.containers.main.env.DOMAIN (1) `https://vault.${SECRET_DOMAIN}`	string
controllers.main.containers.main.env.SIGNUPS_ALLOWED (1) `false`	boolean
controllers.main.containers.main.env.TZ (1) `${TIMEZONE}`	string
controllers.main.containers.main.env.WEBSOCKET_ADDRESS (1) `0.0.0.0`	string
controllers.main.containers.main.env.WEBSOCKET_ENABLED (1) `true`	boolean
controllers.main.containers.main.env.WEBSOCKET_PORT (1) `3012`	number
controllers.main.containers.main.envFrom[].secretRef.name (1) `vaultwarden`	string
controllers.main.containers.main.image.repository (1) `docker.io/vaultwarden/server`	string
controllers.main.containers.main.image.tag (1) `1.34.3-alpine@sha256:d70118b9dafb8588ee2651ceb5df68db27dcbd8e18467722010644ba48d5d6d6`	string
controllers.main.containers.main.resources.limits.memory (1) `100Mi`	string
controllers.main.containers.main.resources.requests.cpu (1) `15m`	string
controllers.main.containers.main.resources.requests.memory (1) `100Mi`	string
controllers.main.pod.securityContext.fsGroup (1) `568`	number
controllers.main.pod.securityContext.fsGroupChangePolicy (1) `OnRootMismatch`	string
controllers.main.pod.securityContext.runAsGroup (1) `568`	number
controllers.main.pod.securityContext.runAsUser (1) `568`	number
controllers.main.pod.securityContext.supplementalGroups[] (1) `- "100"`	number
route.app.hostnames[] (8) `- vaultwarden.${DOMAIN}`	string
route.app.parentRefs[].name (8) `envoy-external`	string
route.app.parentRefs[].namespace (8) `network`	string
route.app.parentRefs[].sectionName (3) `https`	string
route.app.rules[].backendRefs[].identifier (3) `app`	string
route.app.rules[].backendRefs[].port (2) `http`	string, number
route.app.rules[].filters[].requestHeaderModifier.set[].name (1) `X-Real-IP`	string
route.app.rules[].filters[].requestHeaderModifier.set[].value (1) `%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%`	string
route.app.rules[].filters[].type (1) `RequestHeaderModifier`	string
route.app.rules[].matches[].path.type (1) `PathPrefix PathPrefix PathPrefix PathPrefix`	string
route.app.rules[].matches[].path.value (1) `/api /identity /icons /images`	string
route.app.annotations."gethomepage.dev/description" (2) `Lightweight, self-hosted password manager`	string
route.app.annotations."gethomepage.dev/enabled" (2) `true`	string
route.app.annotations."gethomepage.dev/group" (2) `Apps`	string
route.app.annotations."gethomepage.dev/icon" (2) `vaultwarden-light`	string
route.app.annotations."gethomepage.dev/name" (2) `Vaultwarden`	string
route.app.annotations."gatus.home-operations.com/endpoint" (1) `conditions: ["[STATUS] == 200"]`	string
route.app.annotations."gethomepage.dev/app" (1) `vaultwarden`	string
route.app.annotations."gethomepage.dev/pod-selector" (1) `app.kubernetes.io/name = vaultwarden`	string
route.app.enabled (1) `true`	boolean
route.app.forceRename (1) `{{ .Release.Name }}`	string
route.app.kind (1) `HTTPRoute`	string
route.admin.hostnames[] (2) `- bitwarden.${SECRET_DOMAIN_INTERNAL}`	string
route.admin.parentRefs[].name (2) `envoy-internal`	string
route.admin.parentRefs[].namespace (2) `networking`	string
route.admin.parentRefs[].sectionName (1) `websecure`	string
route.admin.rules[].backendRefs[].identifier (2) `app`	string
route.admin.rules[].backendRefs[].port (1) `http`	string
route.admin.rules[].matches[].path.type (2) `PathPrefix`	string
route.admin.rules[].matches[].path.value (2) `/admin`	string
route.admin.rules[].filters[].extensionRef.group (1) `traefik.io`	string
route.admin.rules[].filters[].extensionRef.kind (1) `Middleware`	string
route.admin.rules[].filters[].extensionRef.name (1) `auth-chain`	string
route.admin.rules[].filters[].type (1) `ExtensionRef`	string
route.admin.annotations."gatus.home-operations.com/enabled" (1) `false`	string
route.vaultwarden.hostnames[] (2) `- ${app_url}`	string
route.vaultwarden.parentRefs[].name (2) `envoy-public`	string
route.vaultwarden.parentRefs[].namespace (2) `envoy-gateway-system`	string
route.vaultwarden.parentRefs[].sectionName (1) `https`	string
route.vaultwarden.rules[].backendRefs[].identifier (2) `vaultwarden vaultwarden`	string
route.vaultwarden.rules[].backendRefs[].port (1) `80`	number
route.vaultwarden.rules[].matches[].path.type (1) `PathPrefix`	string
route.vaultwarden.rules[].matches[].path.value (1) `/admin`	string
route.vaultwarden.rules[].name (1) `web admin`	string
route.main.hostnames[] (1) `- vaultwarden.jnobrega.com`	string
route.main.parentRefs[].kind (1) `Gateway`	string
route.main.parentRefs[].name (1) `internal`	string
route.main.parentRefs[].namespace (1) `network`	string
route.main.parentRefs[].sectionName (1) `websecure`	string
route.main.rules[].backendRefs[].name (1) `vaultwarden`	string
route.main.rules[].backendRefs[].port (1) `80`	number
persistence.config.existingClaim (7) `vaultwarden`	string
persistence.config.globalMounts[].path (6) `/data`	string
persistence.data.existingClaim (4) `vaultwarden`	string
persistence.data.accessMode (3) `ReadWriteOnce`	string
persistence.data.size (3) `8Gi`	string
persistence.data.storageClass (3) `longhorn-ssd`	string
persistence.data.type (3) `persistentVolumeClaim`	string
persistence.data.enabled (2) `true`	boolean
persistence.data.retain (2) `true`	boolean
persistence.data.suffix (2) `data`	string
persistence.data.advancedMounts.vaultwarden.app[].path (1) `/data`	string
persistence.data.globalMounts[].path (1) `/data`	string
persistence.data.globalMounts[].subPath (1) `vaultwarden`	string
persistence.data.path (1) `/volume1/apps/identity`	string
persistence.data.server (1) `${NFS_SERVER}`	string
persistence.backups.globalMounts[].path (1) `/backups`	string
persistence.backups.path (1) `/mnt/${SECRET_NFS_SHARE}/backups/vaultwarden`	string
persistence.backups.server (1) `${SECRET_NFS_SERVER}`	string
persistence.backups.type (1) `nfs`	string
persistence.env.advancedMounts.${APP}.app[].path (1) `/.env`	string
persistence.env.advancedMounts.${APP}.app[].readOnly (1) `true`	boolean
persistence.env.advancedMounts.${APP}.app[].subPath (1) `.env`	string
persistence.env.enabled (1) `true`	boolean
persistence.env.items[].key (1) `.env`	string
persistence.env.items[].path (1) `.env`	string
persistence.env.name (1) `vaultwarden-secret`	string
persistence.env.type (1) `secret`	string
persistence.postgres-serving-cert.advancedMounts.vaultwarden.app[].path (1) `/certs/postgres/serving`	string
persistence.postgres-serving-cert.defaultMode (1) `444`	number
persistence.postgres-serving-cert.items[].key (1) `ca.crt`	string
persistence.postgres-serving-cert.items[].path (1) `ca.crt`	string
persistence.postgres-serving-cert.name (1) `vaultwarden-postgres-17-serving-cert`	string
persistence.postgres-serving-cert.type (1) `secret`	string
persistence.postgres-user-cert.advancedMounts.vaultwarden.app[].path (1) `/certs/postgres/user`	string
persistence.postgres-user-cert.defaultMode (1) `440`	number
persistence.postgres-user-cert.items[].key (1) `tls.crt tls.key`	string
persistence.postgres-user-cert.items[].path (1) `tls.crt tls.key`	string
persistence.postgres-user-cert.name (1) `vaultwarden-postgres-vaultwarden-user`	string
persistence.postgres-user-cert.type (1) `secret`	string
persistence.tmp.type (1) `emptyDir`	string
ingress.app.hosts[].host (4) `vault.${SECRET_DOMAIN}`	string
ingress.app.hosts[].paths[].path (4) `/`	string
ingress.app.hosts[].paths[].service.identifier (4) `app`	string
ingress.app.hosts[].paths[].service.port (4) `http`	string, number
ingress.app.className (3) `external`	string
ingress.app.annotations."external-dns.alpha.kubernetes.io/target" (2) `external.${SECRET_DOMAIN}`	string
ingress.app.annotations."cert-manager.io/cluster-issuer" (1) `letsencrypt-production`	string
ingress.app.annotations."external-dns.home.arpa/enabled" (1) `true`	string
ingress.app.annotations."gethomepage.dev/description" (1) `Password Management`	string
ingress.app.annotations."gethomepage.dev/enabled" (1) `true`	string
ingress.app.annotations."gethomepage.dev/group" (1) `Security`	string
ingress.app.annotations."gethomepage.dev/icon" (1) `vaultwarden.png`	string
ingress.app.annotations."gethomepage.dev/name" (1) `Vaultwarden-k3s`	string
ingress.app.annotations."gethomepage.dev/pod-selector" (1) `app.kubernetes.io/name=vaultwarden`	string
ingress.app.annotations."gethomepage.dev/siteMonitor" (1) `http://${APP}.security.svc.cluster.local:80`	string
ingress.app.annotations."hajimari.io/enable" (1) `true`	string
ingress.app.annotations."hajimari.io/group" (1) `Authentication`	string
ingress.app.annotations."hajimari.io/icon" (1) `cbi:vaultwarden`	string
ingress.app.annotations."hajimari.io/name" (1) `Vaultwarden`	string
ingress.app.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1) `networking-cloudflare-ips@kubernetescrd`	string
ingress.app.enabled (2) `true`	boolean
ingress.app.tls[].hosts[] (2) `- vault.${SECRET_DOMAIN}`	string
ingress.app.tls[].secretName (2) `${SECRET_DOMAIN/./-}-tls`	string
ingress.admin.enabled (2) `true`	boolean
ingress.admin.hosts[].host (2) `vaultwarden.${SECRET_DOMAIN}`	string
ingress.admin.hosts[].paths[].path (2) `/admin`	string
ingress.admin.hosts[].paths[].service.identifier (2) `app`	string
ingress.admin.hosts[].paths[].service.port (2) `http`	string
ingress.admin.annotations."auth.home.arpa/enabled" (1) `true`	string
ingress.admin.annotations."external-dns.alpha.kubernetes.io/exclude" (1) `true`	string
ingress.admin.annotations."external-dns.home.arpa/enabled" (1) `true`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/custom-http-errors" (1) `500,501,502,503,504,505,506,510`	string
ingress.admin.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" (1) `10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16`	string
ingress.admin.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1) `networking-secure-networks@kubernetescrd`	string
ingress.admin.className (1) `external`	string
ingress.admin.tls[].hosts[] (1) `- ${GATUS_SUBDOMAIN:-${APP}}.${SECRET_DOMAIN}`	string
ingress.admin.tls[].secretName (1) `${APP}-tls-production`	string
ingress.main.annotations."cert-manager.io/cluster-issuer" (1) `letsencrypt-production`	string
ingress.main.annotations.external-dns/is-public (1) `true`	string
ingress.main.annotations."gethomepage.dev/description" (1) `Open Source Password Manager.`	string
ingress.main.annotations."gethomepage.dev/enabled" (1) `true`	string
ingress.main.annotations."gethomepage.dev/group" (1) `Security`	string
ingress.main.annotations."gethomepage.dev/icon" (1) `vaultwarden`	string
ingress.main.annotations."gethomepage.dev/name" (1) `Vaultwarden`	string
ingress.main.className (1) `external`	string
ingress.main.hosts[].host (1) `vault.${SECRET_DOMAIN}`	string
ingress.main.hosts[].paths[].path (1) `/ /notifications/hub /notifications/hub/negotiate`	string
ingress.main.hosts[].paths[].pathType (1) `Prefix Prefix`	string
ingress.main.hosts[].paths[].service.identifier (1) `main main main`	string
ingress.main.hosts[].paths[].service.port (1) `http websocket http`	string
ingress.main.tls[].hosts[] (1) `- vault.${SECRET_DOMAIN}`	string
ingress.main.tls[].secretName (1) `vault-tls`	string
defaultPodOptions.securityContext.runAsGroup (3) `1000`	number
defaultPodOptions.securityContext.runAsNonRoot (3) `true`	boolean
defaultPodOptions.securityContext.runAsUser (3) `1000`	number
defaultPodOptions.securityContext.fsGroup (2) `1000`	number
defaultPodOptions.securityContext.fsGroupChangePolicy (2) `OnRootMismatch`	string
defaultPodOptions.annotations."secret.reloader.stakater.com/reload" (1) `vaultwarden`	string
podAnnotations."secret.reloader.stakater.com/reload" (1) `vaultwarden`	string
rawResources.admin-auth.apiVersion (1) `gateway.envoyproxy.io/v1alpha1`	string
rawResources.admin-auth.kind (1) `SecurityPolicy`	string
rawResources.admin-auth.spec.spec.oidc.clientIDRef.name (1) `oidc`	string
rawResources.admin-auth.spec.spec.oidc.clientSecret.name (1) `oidc`	string
rawResources.admin-auth.spec.spec.oidc.logoutPath (1) `/admin/oauth2/logout`	string
rawResources.admin-auth.spec.spec.oidc.provider.issuer (1) `https://${oidc_host}/application/o/vaultwarden-admin/`	string
rawResources.admin-auth.spec.spec.oidc.redirectURL (1) `%REQ(x-forwarded-proto)%://%REQ(:authority)%/admin/oauth2/callback`	string
rawResources.admin-auth.spec.spec.oidc.scopes[] (1) `- openid - offline_access`	string
rawResources.admin-auth.spec.spec.targetRefs[].group (1) `gateway.networking.k8s.io`	string
rawResources.admin-auth.spec.spec.targetRefs[].kind (1) `HTTPRoute`	string
rawResources.admin-auth.spec.spec.targetRefs[].name (1) `{{ .Release.Name }}`	string
rawResources.admin-auth.spec.spec.targetRefs[].sectionName (1) `admin`	string

Key

Types

service.app.ports.http.port (14)

number

service.app.ports.http.protocol (1)

HTTP

string

service.app.ports.websocket.enabled (2)

true

boolean

service.app.ports.websocket.port (2)

number

service.app.ports.anubis.port (1)

number

service.app.controller (10)

vaultwarden

string

service.app.sessionAffinity (1)

ClientIP

string

service.app.sessionAffinityConfig.clientIP.timeoutSeconds (1)

number

service.vaultwarden.controller (2)

vaultwarden

string

service.vaultwarden.ports.http.port (2)

number

service.main.controller (1)

main

string

service.main.ports.http.port (1)

number

service.main.ports.websocket.enabled (1)

true

boolean

service.main.ports.websocket.port (1)

number

controllers.vaultwarden.containers.app.env.DOMAIN (13)

https://vault.${SECRET_DOMAIN}

string

controllers.vaultwarden.containers.app.env.SIGNUPS_ALLOWED (12)

false

string, boolean

controllers.vaultwarden.containers.app.env.TZ (11)

${TIMEZONE}

string

controllers.vaultwarden.containers.app.env.SMTP_FROM (10)

vaultwarden@${SECRET_DOMAIN}

string

controllers.vaultwarden.containers.app.env.SMTP_HOST (10)

smtp-relay.networking.svc.cluster.local

string

controllers.vaultwarden.containers.app.env.SMTP_SECURITY (10)

off

string

controllers.vaultwarden.containers.app.env.SMTP_PORT (9)

string, number

controllers.vaultwarden.containers.app.env.SMTP_FROM_NAME (7)

Vaultwarden

string

controllers.vaultwarden.containers.app.env.WEBSOCKET_ENABLED (7)

true

boolean, string

controllers.vaultwarden.containers.app.env.DATA_FOLDER (5)

data

string

controllers.vaultwarden.containers.app.env.ATTACHMENTS_FOLDER (4)

data/attachments

string

controllers.vaultwarden.containers.app.env.ICON_CACHE_FOLDER (4)

data/icon_cache

string

controllers.vaultwarden.containers.app.env.PUSH_ENABLED (4)

true

string, boolean

controllers.vaultwarden.containers.app.env.ROCKET_PORT (3)

string, number

controllers.vaultwarden.containers.app.env.SHOW_PASSWORD_HINT (3)

false

boolean, string

controllers.vaultwarden.containers.app.env.SSO_AUTHORITY (3)

https://auth.${SECRET_DOMAIN}/application/o/vaultwarden/

string

controllers.vaultwarden.containers.app.env.SSO_ENABLED (3)

true

string, boolean

controllers.vaultwarden.containers.app.env.EXPERIMENTAL_CLIENT_FEATURE_FLAGS (2)

ssh-key-vault-item,ssh-agent

string

controllers.vaultwarden.containers.app.env.INVITATIONS_ALLOWED (2)

false

string, boolean

controllers.vaultwarden.containers.app.env.IP_HEADER (2)

X-Forwarded-For

string

controllers.vaultwarden.containers.app.env.SSO_ONLY (2)

true

string

controllers.vaultwarden.containers.app.env.SSO_SCOPES (2)

openid profile email offline_access

string

controllers.vaultwarden.containers.app.env.WEBSOCKET_ADDRESS (2)

0.0.0.0

string

controllers.vaultwarden.containers.app.env.ADMIN_TOKEN (1)

${admin_token}

string

controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.key (1)

uri

string

controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.name (1)

postgresql-app

string

controllers.vaultwarden.containers.app.env.DATABASE_URL.valueFrom.secretKeyRef.key (1)

url

string

controllers.vaultwarden.containers.app.env.DATABASE_URL.valueFrom.secretKeyRef.name (1)

{{ .Release.Name }}-postgres

string

controllers.vaultwarden.containers.app.env.DATABASE_URL (1)

postgresql://vaultwarden@vaultwarden-postgres-17-rw.security.svc:5432/vaultwarden?sslrootcert=/certs/postgres/serving/ca.crt&sslcert=/certs/postgres/user/tls.crt&sslkey=/certs/postgres/user/tls.key&sslmode=verify-full

string

controllers.vaultwarden.containers.app.env.DISABLE_ADMIN_TOKEN (1)

false

boolean

controllers.vaultwarden.containers.app.env.EMAIL_2FA_AUTO_FALLBACK (1)

true

string

controllers.vaultwarden.containers.app.env.EMAIL_CHANGE_ALLOWED (1)

true

string

controllers.vaultwarden.containers.app.env.EVENTS_DAYS_RETAIN (1)

string

controllers.vaultwarden.containers.app.env.LOGIN_RATELIMIT_MAX_BURST (1)

string

controllers.vaultwarden.containers.app.env.ORG_ATTACHMENT_LIMIT (1)

string

controllers.vaultwarden.containers.app.env.ORG_EVENTS_ENABLED (1)

true

string

controllers.vaultwarden.containers.app.env.PASSWORD_ITERATIONS (1)

string

controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_ID (1)

${push_installation_id}

string

controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_KEY (1)

${push_installation_key}

string

controllers.vaultwarden.containers.app.env.REQUIRE_DEVICE_EMAIL (1)

true

string

controllers.vaultwarden.containers.app.env.ROCKET_ADDRESS (1)

::

string

controllers.vaultwarden.containers.app.env.SENDS_ALLOWED (1)

true

boolean

controllers.vaultwarden.containers.app.env.SENDS_FOLDER (1)

config/sends

string

controllers.vaultwarden.containers.app.env.SIGNUPS_VERIFY (1)

true

string

controllers.vaultwarden.containers.app.env.SMTP_EXPLICIT_TLS (1)

true

string

controllers.vaultwarden.containers.app.env.SMTP_PASSWORD.valueFrom.secretKeyRef.key (1)

password

string

controllers.vaultwarden.containers.app.env.SMTP_PASSWORD.valueFrom.secretKeyRef.name (1)

vaultwarden-migadu

string

controllers.vaultwarden.containers.app.env.SMTP_SSL (1)

true

string

controllers.vaultwarden.containers.app.env.SMTP_TIMEOUT (1)

number

controllers.vaultwarden.containers.app.env.SMTP_USERNAME (1)

vaultwarden@${SECRET_DOMAIN}

string

controllers.vaultwarden.containers.app.env.SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION (1)

false

string

controllers.vaultwarden.containers.app.env.SSO_CLIENT_ID (1)

vaultwarden

string

controllers.vaultwarden.containers.app.env.SSO_CLIENT_SECRET.valueFrom.secretKeyRef.key (1)

client-secret

string

controllers.vaultwarden.containers.app.env.SSO_CLIENT_SECRET.valueFrom.secretKeyRef.name (1)

kanidm-${APP}-oidc

string

controllers.vaultwarden.containers.app.env.SSO_PKCE (1)

true

string

controllers.vaultwarden.containers.app.env.SSO_SIGNUPS_MATCH_EMAIL (1)

true

string

controllers.vaultwarden.containers.app.env.TIMEZONE (1)

${TZ}

string

controllers.vaultwarden.containers.app.env.USER_ATTACHMENT_LIMIT (1)

string

controllers.vaultwarden.containers.app.env.USER_SEND_LIMIT (1)

string

controllers.vaultwarden.containers.app.env.WEB_VAULT_ENABLED (1)

true

string

controllers.vaultwarden.containers.app.env.WEBSOCKET_PORT (1)

number

controllers.vaultwarden.containers.app.image.repository (13)

vaultwarden/server

string

controllers.vaultwarden.containers.app.image.tag (13)

1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664

string

controllers.vaultwarden.containers.app.envFrom[].secretRef.name (12)

vaultwarden-secret

string

controllers.vaultwarden.containers.app.resources.limits.memory (11)

256Mi

string

controllers.vaultwarden.containers.app.resources.requests.cpu (11)

100m

string

controllers.vaultwarden.containers.app.resources.requests.memory (11)

100Mi

string

controllers.vaultwarden.containers.app.securityContext.allowPrivilegeEscalation (11)

false

boolean

controllers.vaultwarden.containers.app.securityContext.capabilities.drop[] (11)

- ALL

string

controllers.vaultwarden.containers.app.securityContext.readOnlyRootFilesystem (11)

true

boolean

controllers.vaultwarden.containers.app.probes.liveness.enabled (5)

true

boolean

controllers.vaultwarden.containers.app.probes.liveness.custom (3)

true

boolean

controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.path (3)

/alive

string

controllers.vaultwarden.containers.app.probes.liveness.spec.httpGet.port (3)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.failureThreshold (2)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.initialDelaySeconds (2)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.periodSeconds (2)

number

controllers.vaultwarden.containers.app.probes.liveness.spec.timeoutSeconds (2)

number

controllers.vaultwarden.containers.app.probes.liveness.path (2)

/alive

string

controllers.vaultwarden.containers.app.probes.liveness.type (1)

HTTP

string

controllers.vaultwarden.containers.app.probes.readiness.enabled (5)

true

boolean

controllers.vaultwarden.containers.app.probes.readiness.custom (3)

true

boolean

controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.path (3)

/alive

string

controllers.vaultwarden.containers.app.probes.readiness.spec.httpGet.port (3)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.failureThreshold (2)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.initialDelaySeconds (2)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.periodSeconds (2)

number

controllers.vaultwarden.containers.app.probes.readiness.spec.timeoutSeconds (2)

number

controllers.vaultwarden.containers.app.probes.readiness.path (2)

/alive

string

controllers.vaultwarden.containers.app.probes.readiness.type (1)

HTTP

string

controllers.vaultwarden.containers.app.probes.startup.enabled (1)

true

boolean

controllers.vaultwarden.containers.app.probes.startup.path (1)

/alive

string

controllers.vaultwarden.containers.app.probes.startup.spec.failureThreshold (1)

number

controllers.vaultwarden.containers.app.probes.startup.spec.periodSeconds (1)

number

controllers.vaultwarden.containers.app.probes.startup.type (1)

HTTP

string

controllers.vaultwarden.containers.app.ports[].containerPort (1)

number

controllers.vaultwarden.containers.app.ports[].name (1)

http

string

controllers.vaultwarden.containers.anubis.env.BIND (1)

:8923

string

controllers.vaultwarden.containers.anubis.env.COOKIE_DOMAIN (1)

${MAIN_DOMAIN}

string

controllers.vaultwarden.containers.anubis.env.DIFFICULTY (1)

string

controllers.vaultwarden.containers.anubis.env.ED25519_PRIVATE_KEY_HEX (1)

${ANUBIS_ED25519_PRIVATE_KEY_HEX}

string

controllers.vaultwarden.containers.anubis.env.METRICS_BIND (1)

:8924

string

controllers.vaultwarden.containers.anubis.env.SERVE_ROBOTS_TXT (1)

true

string

controllers.vaultwarden.containers.anubis.env.TARGET (1)

http://localhost:80

string

controllers.vaultwarden.containers.anubis.env.TZ (1)

${TIMEZONE}

string

controllers.vaultwarden.containers.anubis.image.repository (1)

ghcr.io/techarohq/anubis

string

controllers.vaultwarden.containers.anubis.image.tag (1)

v1.25.0

string

controllers.vaultwarden.containers.anubis.resources.limits.memory (1)

256Mi

string

controllers.vaultwarden.containers.anubis.resources.requests.cpu (1)

50m

string

controllers.vaultwarden.containers.anubis.resources.requests.memory (1)

32Mi

string

controllers.vaultwarden.containers.anubis.securityContext.allowPrivilegeEscalation (1)

false

boolean

controllers.vaultwarden.containers.anubis.securityContext.capabilities.drop[] (1)

- ALL

string

controllers.vaultwarden.containers.anubis.securityContext.readOnlyRootFilesystem (1)

true

boolean

controllers.vaultwarden.containers.anubis.securityContext.runAsGroup (1)

number

controllers.vaultwarden.containers.anubis.securityContext.runAsNonRoot (1)

true

boolean

controllers.vaultwarden.containers.anubis.securityContext.runAsUser (1)

number

controllers.vaultwarden.containers.backups.env.BACKUP_DIR (1)

/backups

string

controllers.vaultwarden.containers.backups.env.BACKUP_ON_STARTUP (1)

true

boolean

controllers.vaultwarden.containers.backups.env.CRON_TIME (1)

0 * * * *

string

controllers.vaultwarden.containers.backups.env.DELETE_AFTER (1)

number

controllers.vaultwarden.containers.backups.env.ENCRYPTION_PASSWORD.valueFrom.secretKeyRef.key (1)

VAULTWARDEN_BACKUP_PASS

string

controllers.vaultwarden.containers.backups.env.ENCRYPTION_PASSWORD.valueFrom.secretKeyRef.name (1)

{{ .Release.Name }}-secret

string

controllers.vaultwarden.containers.backups.env.GID (1)

number

controllers.vaultwarden.containers.backups.env.TIMESTAMP (1)

true

boolean

controllers.vaultwarden.containers.backups.env.UID (1)

number

controllers.vaultwarden.containers.backups.image.repository (1)

bruceforce/vaultwarden-backup

string

controllers.vaultwarden.containers.backups.image.tag (1)

2.1.4@sha256:ede1b229a2dd54af59cda87c086707274ae4073ecd2bde1a8ed9b1281ddc553e

string

controllers.vaultwarden.containers.vaultwarden.env.ADMIN_TOKEN (1)

${VAULTWARDEN_ADMIN_TOKEN_HASHED}

string

controllers.vaultwarden.containers.vaultwarden.env.DOMAIN (1)

https://vaultwarden.jnobrega.com

string

controllers.vaultwarden.containers.vaultwarden.env.INVITATIONS_ALLOWED (1)

true

string

controllers.vaultwarden.containers.vaultwarden.env.PASSWORD_HINTS_ALLOWED (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.env.SIGNUPS_ALLOWED (1)

false

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_FROM_NAME (1)

Vaultwarden

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_HOST (1)

mail.gmx.com

string

controllers.vaultwarden.containers.vaultwarden.env.SMTP_PORT (1)

number

controllers.vaultwarden.containers.vaultwarden.env.SMTP_SECURITY (1)

starttls

string

controllers.vaultwarden.containers.vaultwarden.env.TRASH_AUTO_DELETE_DAYS (1)

number

controllers.vaultwarden.containers.vaultwarden.env.TZ (1)

Europe/Lisbon

string

controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ADDRESS (1)

0.0.0.0

string

controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_ENABLED (1)

true

string

controllers.vaultwarden.containers.vaultwarden.env.WEBSOCKET_PORT (1)

number

controllers.vaultwarden.containers.vaultwarden.envFrom[].secretRef.name (1)

vaultwarden-secret

string

controllers.vaultwarden.containers.vaultwarden.image.repository (1)

vaultwarden/server

string

controllers.vaultwarden.containers.vaultwarden.image.tag (1)

1.35.3-alpine@sha256:c40957876ec13c1cb0d2b08f86e8f738e6d06f7460bad9cdae216cded174c10d

string

controllers.vaultwarden.containers.vaultwarden.probes.liveness.enabled (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.probes.readiness.enabled (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.probes.startup.enabled (1)

false

boolean

controllers.vaultwarden.containers.vaultwarden.resources.limits.memory (1)

250Mi

string

controllers.vaultwarden.containers.vaultwarden.resources.requests.cpu (1)

10m

string

controllers.vaultwarden.containers.vaultwarden.resources.requests.memory (1)

100Mi

string

controllers.vaultwarden.annotations."reloader.stakater.com/auto" (11)

true

string

controllers.vaultwarden.initContainers.init-db.envFrom[].secretRef.name (7)

vaultwarden-secret

string

controllers.vaultwarden.initContainers.init-db.image.repository (7)

ghcr.io/home-operations/postgres-init

string

controllers.vaultwarden.initContainers.init-db.image.tag (7)

string, number

controllers.vaultwarden.initContainers.init-db.image.pullPolicy (2)

IfNotPresent

string

controllers.vaultwarden.initContainers.init-db.env.INIT_POSTGRES_SUPER_PASS.valueFrom.secretKeyRef.key (1)

password

string

controllers.vaultwarden.initContainers.init-db.env.INIT_POSTGRES_SUPER_PASS.valueFrom.secretKeyRef.name (1)

household-postgres-superuser

string

controllers.vaultwarden.pod.securityContext.fsGroup (7)

number

controllers.vaultwarden.pod.securityContext.fsGroupChangePolicy (7)

OnRootMismatch

string

controllers.vaultwarden.pod.securityContext.runAsGroup (7)

number

controllers.vaultwarden.pod.securityContext.runAsUser (7)

number

controllers.vaultwarden.pod.securityContext.runAsNonRoot (6)

true

boolean

controllers.vaultwarden.pod.securityContext.seccompProfile.type (5)

RuntimeDefault

string

controllers.vaultwarden.pod.annotations."reloader.stakater.com/auto" (1)

true

string

controllers.vaultwarden.pod.labels."endpoints.netpols.home.arpa/email-sender" (1)

true

string

controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-namespace" (1)

true

string

controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-world" (1)

true

string

controllers.vaultwarden.pod.labels."policy.gabe565.com/ingress-envoy-public" (1)

true

string

controllers.vaultwarden.pod.priorityClassName (1)

system-cluster-critical

string

controllers.vaultwarden.pod.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)

vaultwarden

string

controllers.vaultwarden.pod.topologySpreadConstraints[].maxSkew (1)

number

controllers.vaultwarden.pod.topologySpreadConstraints[].topologyKey (1)

kubernetes.io/hostname

string

controllers.vaultwarden.pod.topologySpreadConstraints[].whenUnsatisfiable (1)

DoNotSchedule

string

controllers.vaultwarden.replicas (3)

number

controllers.vaultwarden.labels.postgres (1)

true

string

controllers.vaultwarden.strategy (1)

Recreate

string

controllers.${APP}.annotations."reloader.stakater.com/auto" (1)

true

string

controllers.${APP}.containers.app.env.TZ (1)

${TIMEZONE}

string

controllers.${APP}.containers.app.image.pullPolicy (1)

IfNotPresent

string

controllers.${APP}.containers.app.image.repository (1)

ghcr.io/dani-garcia/vaultwarden

string

controllers.${APP}.containers.app.image.tag (1)

1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664

string

controllers.${APP}.containers.app.probes.liveness.custom (1)

true

boolean

controllers.${APP}.containers.app.probes.liveness.enabled (1)

true

boolean

controllers.${APP}.containers.app.probes.liveness.spec.failureThreshold (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.httpGet.path (1)

/alive

string

controllers.${APP}.containers.app.probes.liveness.spec.httpGet.port (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.initialDelaySeconds (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.periodSeconds (1)

number

controllers.${APP}.containers.app.probes.liveness.spec.timeoutSeconds (1)

number

controllers.${APP}.containers.app.probes.readiness.custom (1)

true

boolean

controllers.${APP}.containers.app.probes.readiness.enabled (1)

true

boolean

controllers.${APP}.containers.app.probes.readiness.spec.failureThreshold (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.httpGet.path (1)

/alive

string

controllers.${APP}.containers.app.probes.readiness.spec.httpGet.port (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.initialDelaySeconds (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.periodSeconds (1)

number

controllers.${APP}.containers.app.probes.readiness.spec.timeoutSeconds (1)

number

controllers.${APP}.containers.app.resources.limits.memory (1)

256Mi

string

controllers.${APP}.containers.app.resources.requests.cpu (1)

10m

string

controllers.${APP}.containers.app.resources.requests.memory (1)

64Mi

string

controllers.${APP}.containers.app.securityContext.fsGroup (1)

number

controllers.${APP}.containers.app.securityContext.fsGroupChangePolicy (1)

OnRootMismatch

string

controllers.${APP}.containers.app.securityContext.runAsGroup (1)

number

controllers.${APP}.containers.app.securityContext.runAsNonRoot (1)

true

boolean

controllers.${APP}.containers.app.securityContext.runAsUser (1)

number

controllers.${APP}.containers.app.securityContext.seccompProfile.type (1)

RuntimeDefault

string

controllers.${APP}.containers.backup.env.BACKUP_KEEP_DAYS (1)

number

controllers.${APP}.containers.backup.env.CRON (1)

0 5 * * *

string

controllers.${APP}.containers.backup.env.DATA_DIR (1)

/data

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE_CURL_OPTIONS (1)

-H 'Content-Type: application/json' -d '{"content":"❌ Vaultwarden backup failed!"}'

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.key (1)

VAULTWARDEN_BACKUP_PING_URL

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_FAILURE.valueFrom.secretKeyRef.name (1)

vaultwarden-secret

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS_CURL_OPTIONS (1)

-H 'Content-Type: application/json' -d '{"content":"✅ Vaultwarden backup completed successfully."}'

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.key (1)

VAULTWARDEN_BACKUP_PING_URL

string

controllers.${APP}.containers.backup.env.PING_URL_WHEN_SUCCESS.valueFrom.secretKeyRef.name (1)

vaultwarden-secret

string

controllers.${APP}.containers.backup.env.RCLONE_CONFIG (1)

/data/rclone.conf

string

controllers.${APP}.containers.backup.env.RCLONE_REMOTE_DIR (1)

/Vaultwarden-k3s/

string

controllers.${APP}.containers.backup.env.RCLONE_REMOTE_NAME (1)

Google Drive

string

controllers.${APP}.containers.backup.env.RCLONE_TEMP_DIR (1)

/data/

string

controllers.${APP}.containers.backup.env.TIMEZONE (1)

${TIMEZONE}

string

controllers.${APP}.containers.backup.env.ZIP_ENABLE (1)

true

boolean

controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.key (1)

VAULTWARDEN_BACKUP_ZIP_PASSWORD

string

controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.name (1)

vaultwarden-secret

string

controllers.${APP}.containers.backup.image.pullPolicy (1)

IfNotPresent

string

controllers.${APP}.containers.backup.image.repository (1)

ghcr.io/ttionya/vaultwarden-backup

string

controllers.${APP}.containers.backup.image.tag (1)

1.26.2@sha256:a0e4993de7d9cef214e2c2d458002317c02f12be59d736ed7baf57fff7086645

string

controllers.${APP}.containers.backup.nameOverride (1)

backup

string

controllers.${APP}.containers.backup.resources.limits.memory (1)

256Mi

string

controllers.${APP}.containers.backup.resources.requests.cpu (1)

10m

string

controllers.${APP}.containers.backup.resources.requests.memory (1)

64Mi

string

controllers.${APP}.containers.backup.securityContext.fsGroup (1)

number

controllers.${APP}.containers.backup.securityContext.readOnlyRootFilesystem (1)

false

boolean

controllers.${APP}.enabled (1)

true

boolean

controllers.${APP}.replicas (1)

number

controllers.${APP}.type (1)

deployment

string

controllers.app.containers.app.env.ADMIN_TOKEN (1)

${VAULTWARDEN_ADMIN_TOKEN}

string

controllers.app.containers.app.env.DATABASE_URL (1)

postgresql://vaultwarden:${POSTGRES_VAULTWARDEN_PASSWORD}@${POSTGRES_ADDRESS}

string

controllers.app.containers.app.env.DOMAIN (1)

https://warden.${CLUSTER_DOMAIN}

string

controllers.app.containers.app.env.SIGNUPS_ALLOWED (1)

false

string

controllers.app.containers.app.env.SMTP_FROM (1)

vaultwarden@${CLUSTER_DOMAIN}

string

controllers.app.containers.app.env.SMTP_FROM_NAME (1)

Vaultwarden

string

controllers.app.containers.app.env.SMTP_HOST (1)

${SMTP_HOSTNAME}

string

controllers.app.containers.app.env.SMTP_PASSWORD (1)

${SMTP_PASSWORD}

string

controllers.app.containers.app.env.SMTP_PORT (1)

${SMTP_PORT}

string

controllers.app.containers.app.env.SMTP_SECURITY (1)

${SMTP_SECURITY}

string

controllers.app.containers.app.env.SMTP_USERNAME (1)

${SMTP_USERNAME}

string

controllers.app.containers.app.image.repository (1)

ghcr.io/dani-garcia/vaultwarden

string

controllers.app.containers.app.image.tag (1)

1.35.3-alpine@sha256:c40957876ec13c1cb0d2b08f86e8f738e6d06f7460bad9cdae216cded174c10d

string

controllers.main.containers.main.env.DATA_FOLDER (1)

config

string

controllers.main.containers.main.env.DOMAIN (1)

https://vault.${SECRET_DOMAIN}

string

controllers.main.containers.main.env.SIGNUPS_ALLOWED (1)

false

boolean

controllers.main.containers.main.env.TZ (1)

${TIMEZONE}

string

controllers.main.containers.main.env.WEBSOCKET_ADDRESS (1)

0.0.0.0

string

controllers.main.containers.main.env.WEBSOCKET_ENABLED (1)

true

boolean

controllers.main.containers.main.env.WEBSOCKET_PORT (1)

number

controllers.main.containers.main.envFrom[].secretRef.name (1)

vaultwarden

string

controllers.main.containers.main.image.repository (1)

docker.io/vaultwarden/server

string

controllers.main.containers.main.image.tag (1)

1.34.3-alpine@sha256:d70118b9dafb8588ee2651ceb5df68db27dcbd8e18467722010644ba48d5d6d6

string

controllers.main.containers.main.resources.limits.memory (1)

100Mi

string

controllers.main.containers.main.resources.requests.cpu (1)

15m

string

controllers.main.containers.main.resources.requests.memory (1)

100Mi

string

controllers.main.pod.securityContext.fsGroup (1)

number

controllers.main.pod.securityContext.fsGroupChangePolicy (1)

OnRootMismatch

string

controllers.main.pod.securityContext.runAsGroup (1)

number

controllers.main.pod.securityContext.runAsUser (1)

number

controllers.main.pod.securityContext.supplementalGroups[] (1)

- "100"

number

route.app.hostnames[] (8)

- vaultwarden.${DOMAIN}

string

route.app.parentRefs[].name (8)

envoy-external

string

route.app.parentRefs[].namespace (8)

network

string

route.app.parentRefs[].sectionName (3)

https

string

route.app.rules[].backendRefs[].identifier (3)

app

string

route.app.rules[].backendRefs[].port (2)

http

string, number

route.app.rules[].filters[].requestHeaderModifier.set[].name (1)

X-Real-IP

string

route.app.rules[].filters[].requestHeaderModifier.set[].value (1)

%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%

string

route.app.rules[].filters[].type (1)

RequestHeaderModifier

string

route.app.rules[].matches[].path.type (1)

PathPrefix
PathPrefix
PathPrefix
PathPrefix

string

route.app.rules[].matches[].path.value (1)

/api
/identity
/icons
/images

string

route.app.annotations."gethomepage.dev/description" (2)

Lightweight, self-hosted password manager

string

route.app.annotations."gethomepage.dev/enabled" (2)

true

string

route.app.annotations."gethomepage.dev/group" (2)

Apps

string

route.app.annotations."gethomepage.dev/icon" (2)

vaultwarden-light

string

route.app.annotations."gethomepage.dev/name" (2)

Vaultwarden

string

route.app.annotations."gatus.home-operations.com/endpoint" (1)

conditions: ["[STATUS] == 200"]

string

route.app.annotations."gethomepage.dev/app" (1)

vaultwarden

string

route.app.annotations."gethomepage.dev/pod-selector" (1)

app.kubernetes.io/name = vaultwarden

string

route.app.enabled (1)

true

boolean

route.app.forceRename (1)

{{ .Release.Name }}

string

route.app.kind (1)

HTTPRoute

string

route.admin.hostnames[] (2)

- bitwarden.${SECRET_DOMAIN_INTERNAL}

string

route.admin.parentRefs[].name (2)

envoy-internal

string

route.admin.parentRefs[].namespace (2)

networking

string

route.admin.parentRefs[].sectionName (1)

websecure

string

route.admin.rules[].backendRefs[].identifier (2)

app

string

route.admin.rules[].backendRefs[].port (1)

http

string

route.admin.rules[].matches[].path.type (2)

PathPrefix

string

route.admin.rules[].matches[].path.value (2)

/admin

string

route.admin.rules[].filters[].extensionRef.group (1)

traefik.io

string

route.admin.rules[].filters[].extensionRef.kind (1)

Middleware

string

route.admin.rules[].filters[].extensionRef.name (1)

auth-chain

string

route.admin.rules[].filters[].type (1)

ExtensionRef

string

route.admin.annotations."gatus.home-operations.com/enabled" (1)

false

string

route.vaultwarden.hostnames[] (2)

- ${app_url}

string

route.vaultwarden.parentRefs[].name (2)

envoy-public

string

route.vaultwarden.parentRefs[].namespace (2)

envoy-gateway-system

string

route.vaultwarden.parentRefs[].sectionName (1)

https

string

route.vaultwarden.rules[].backendRefs[].identifier (2)

vaultwarden
vaultwarden

string

route.vaultwarden.rules[].backendRefs[].port (1)

number

route.vaultwarden.rules[].matches[].path.type (1)

PathPrefix

string

route.vaultwarden.rules[].matches[].path.value (1)

/admin

string

route.vaultwarden.rules[].name (1)

web
admin

string

route.main.hostnames[] (1)

- vaultwarden.jnobrega.com

string

route.main.parentRefs[].kind (1)

Gateway

string

route.main.parentRefs[].name (1)

internal

string

route.main.parentRefs[].namespace (1)

network

string

route.main.parentRefs[].sectionName (1)

websecure

string

route.main.rules[].backendRefs[].name (1)

vaultwarden

string

route.main.rules[].backendRefs[].port (1)

number

persistence.config.existingClaim (7)

vaultwarden

string

persistence.config.globalMounts[].path (6)

/data

string

persistence.data.existingClaim (4)

vaultwarden

string

persistence.data.accessMode (3)

ReadWriteOnce

string

persistence.data.size (3)

8Gi

string

persistence.data.storageClass (3)

longhorn-ssd

string

persistence.data.type (3)

persistentVolumeClaim

string

persistence.data.enabled (2)

true

boolean

persistence.data.retain (2)

true

boolean

persistence.data.suffix (2)

data

string

persistence.data.advancedMounts.vaultwarden.app[].path (1)

/data

string

persistence.data.globalMounts[].path (1)

/data

string

persistence.data.globalMounts[].subPath (1)

vaultwarden

string

persistence.data.path (1)

/volume1/apps/identity

string

persistence.data.server (1)

${NFS_SERVER}

string

persistence.backups.globalMounts[].path (1)

/backups

string

persistence.backups.path (1)

/mnt/${SECRET_NFS_SHARE}/backups/vaultwarden

string

persistence.backups.server (1)

${SECRET_NFS_SERVER}

string

persistence.backups.type (1)

nfs

string

persistence.env.advancedMounts.${APP}.app[].path (1)

/.env

string

persistence.env.advancedMounts.${APP}.app[].readOnly (1)

true

boolean

persistence.env.advancedMounts.${APP}.app[].subPath (1)

.env

string

persistence.env.enabled (1)

true

boolean

persistence.env.items[].key (1)

.env

string

persistence.env.items[].path (1)

.env

string

persistence.env.name (1)

vaultwarden-secret

string

persistence.env.type (1)

secret

string

persistence.postgres-serving-cert.advancedMounts.vaultwarden.app[].path (1)

/certs/postgres/serving

string

persistence.postgres-serving-cert.defaultMode (1)

number

persistence.postgres-serving-cert.items[].key (1)

ca.crt

string

persistence.postgres-serving-cert.items[].path (1)

ca.crt

string

persistence.postgres-serving-cert.name (1)

vaultwarden-postgres-17-serving-cert

string

persistence.postgres-serving-cert.type (1)

secret

string

persistence.postgres-user-cert.advancedMounts.vaultwarden.app[].path (1)

/certs/postgres/user

string

persistence.postgres-user-cert.defaultMode (1)

number

persistence.postgres-user-cert.items[].key (1)

tls.crt
tls.key

string

persistence.postgres-user-cert.items[].path (1)

tls.crt
tls.key

string

persistence.postgres-user-cert.name (1)

vaultwarden-postgres-vaultwarden-user

string

persistence.postgres-user-cert.type (1)

secret

string

persistence.tmp.type (1)

emptyDir

string

ingress.app.hosts[].host (4)

vault.${SECRET_DOMAIN}

string

ingress.app.hosts[].paths[].path (4)

string

ingress.app.hosts[].paths[].service.identifier (4)

app

string

ingress.app.hosts[].paths[].service.port (4)

http

string, number

ingress.app.className (3)

external

string

ingress.app.annotations."external-dns.alpha.kubernetes.io/target" (2)

external.${SECRET_DOMAIN}

string

ingress.app.annotations."cert-manager.io/cluster-issuer" (1)

letsencrypt-production

string

ingress.app.annotations."external-dns.home.arpa/enabled" (1)

true

string

ingress.app.annotations."gethomepage.dev/description" (1)

Password Management

string

ingress.app.annotations."gethomepage.dev/enabled" (1)

true

string

ingress.app.annotations."gethomepage.dev/group" (1)

Security

string

ingress.app.annotations."gethomepage.dev/icon" (1)

vaultwarden.png

string

ingress.app.annotations."gethomepage.dev/name" (1)

Vaultwarden-k3s

string

ingress.app.annotations."gethomepage.dev/pod-selector" (1)

app.kubernetes.io/name=vaultwarden

string

ingress.app.annotations."gethomepage.dev/siteMonitor" (1)

http://${APP}.security.svc.cluster.local:80

string

ingress.app.annotations."hajimari.io/enable" (1)

true

string

ingress.app.annotations."hajimari.io/group" (1)

Authentication

string

ingress.app.annotations."hajimari.io/icon" (1)

cbi:vaultwarden

string

ingress.app.annotations."hajimari.io/name" (1)

Vaultwarden

string

ingress.app.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1)

networking-cloudflare-ips@kubernetescrd

string

ingress.app.enabled (2)

true

boolean

ingress.app.tls[].hosts[] (2)

- vault.${SECRET_DOMAIN}

string

ingress.app.tls[].secretName (2)

${SECRET_DOMAIN/./-}-tls

string

ingress.admin.enabled (2)

true

boolean

ingress.admin.hosts[].host (2)

vaultwarden.${SECRET_DOMAIN}

string

ingress.admin.hosts[].paths[].path (2)

/admin

string

ingress.admin.hosts[].paths[].service.identifier (2)

app

string

ingress.admin.hosts[].paths[].service.port (2)

http

string

ingress.admin.annotations."auth.home.arpa/enabled" (1)

true

string

ingress.admin.annotations."external-dns.alpha.kubernetes.io/exclude" (1)

true

string

ingress.admin.annotations."external-dns.home.arpa/enabled" (1)

true

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/custom-http-errors" (1)

500,501,502,503,504,505,506,510

string

ingress.admin.annotations."nginx.ingress.kubernetes.io/whitelist-source-range" (1)

10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

string

ingress.admin.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1)

networking-secure-networks@kubernetescrd

string

ingress.admin.className (1)

external

string

ingress.admin.tls[].hosts[] (1)

- ${GATUS_SUBDOMAIN:-${APP}}.${SECRET_DOMAIN}

string

ingress.admin.tls[].secretName (1)

${APP}-tls-production

string

ingress.main.annotations."cert-manager.io/cluster-issuer" (1)

letsencrypt-production

string

ingress.main.annotations.external-dns/is-public (1)

true

string

ingress.main.annotations."gethomepage.dev/description" (1)

Open Source Password Manager.

string

ingress.main.annotations."gethomepage.dev/enabled" (1)

true

string

ingress.main.annotations."gethomepage.dev/group" (1)

Security

string

ingress.main.annotations."gethomepage.dev/icon" (1)

vaultwarden

string

ingress.main.annotations."gethomepage.dev/name" (1)

Vaultwarden

string

ingress.main.className (1)

external

string

ingress.main.hosts[].host (1)

vault.${SECRET_DOMAIN}

string

ingress.main.hosts[].paths[].path (1)

/
/notifications/hub
/notifications/hub/negotiate

string

ingress.main.hosts[].paths[].pathType (1)

Prefix
Prefix

string

ingress.main.hosts[].paths[].service.identifier (1)

main
main
main

string

ingress.main.hosts[].paths[].service.port (1)

http
websocket
http

string

ingress.main.tls[].hosts[] (1)

- vault.${SECRET_DOMAIN}

string

ingress.main.tls[].secretName (1)

vault-tls

string

defaultPodOptions.securityContext.runAsGroup (3)

number

defaultPodOptions.securityContext.runAsNonRoot (3)

true

boolean

defaultPodOptions.securityContext.runAsUser (3)

number

defaultPodOptions.securityContext.fsGroup (2)

number

defaultPodOptions.securityContext.fsGroupChangePolicy (2)

OnRootMismatch

string

defaultPodOptions.annotations."secret.reloader.stakater.com/reload" (1)

vaultwarden

string

podAnnotations."secret.reloader.stakater.com/reload" (1)

vaultwarden

string

rawResources.admin-auth.apiVersion (1)

gateway.envoyproxy.io/v1alpha1

string

rawResources.admin-auth.kind (1)

SecurityPolicy

string

rawResources.admin-auth.spec.spec.oidc.clientIDRef.name (1)

oidc

string

rawResources.admin-auth.spec.spec.oidc.clientSecret.name (1)

oidc

string

rawResources.admin-auth.spec.spec.oidc.logoutPath (1)

/admin/oauth2/logout

string

rawResources.admin-auth.spec.spec.oidc.provider.issuer (1)

https://${oidc_host}/application/o/vaultwarden-admin/

string

rawResources.admin-auth.spec.spec.oidc.redirectURL (1)

%REQ(x-forwarded-proto)%://%REQ(:authority)%/admin/oauth2/callback

string

rawResources.admin-auth.spec.spec.oidc.scopes[] (1)

- openid
- offline_access

string

rawResources.admin-auth.spec.spec.targetRefs[].group (1)

gateway.networking.k8s.io

string

rawResources.admin-auth.spec.spec.targetRefs[].kind (1)

HTTPRoute

string

rawResources.admin-auth.spec.spec.targetRefs[].name (1)

{{ .Release.Name }}

string

rawResources.admin-auth.spec.spec.targetRefs[].sectionName (1)

admin

string

vaultwarden helm

Install

Examples

Top Repositories (3 out of 17)

Values