vaultwarden helm

No introduction found. Create it?

More popular helm chart found

vaultwarden from bjw-s-labs is more popular with 12 repositories.

Install

Install with:

helm repo add app-template oci://ghcr.io/bjw-s-labs/helm/app-template
helm install vaultwarden app-template/app-template -f values.yaml

Examples

See examples from other people.

Top Repositories (2 out of 9)

NameRepoStarsVersionTimestamp
vaultwardenauricom/home-ops1913.7.3a month ago
vaultwardendrag0n141/home-ops373.7.32 months ago

Values

See the most popular values for this chart:

KeyTypes
controllers.vaultwarden.containers.app.env.DOMAIN (8)
https://bitwarden.${SECRET_DOMAIN}
string
controllers.vaultwarden.containers.app.env.SIGNUPS_ALLOWED (7)
false
boolean, string
controllers.vaultwarden.containers.app.env.TZ (6)
${TIMEZONE}
string
controllers.vaultwarden.containers.app.env.SMTP_FROM (5)
${SECRET_SMTP_SENDER}
string
controllers.vaultwarden.containers.app.env.SMTP_FROM_NAME (5)
Vaultwarden
string
controllers.vaultwarden.containers.app.env.SMTP_HOST (5)
smtp-relay.default.svc.cluster.local
string
controllers.vaultwarden.containers.app.env.SMTP_PORT (5)
2525
number, string
controllers.vaultwarden.containers.app.env.SMTP_SECURITY (5)
off
string
controllers.vaultwarden.containers.app.env.DATA_FOLDER (4)
data
string
controllers.vaultwarden.containers.app.env.ATTACHMENTS_FOLDER (3)
data/attachments
string
controllers.vaultwarden.containers.app.env.ICON_CACHE_FOLDER (3)
data/icon_cache
string
controllers.vaultwarden.containers.app.env.WEBSOCKET_ENABLED (3)
true
string, boolean
controllers.vaultwarden.containers.app.env.PUSH_ENABLED (2)
true
boolean, string
controllers.vaultwarden.containers.app.env.WEBSOCKET_ADDRESS (2)
0.0.0.0
string
controllers.vaultwarden.containers.app.env.WEBSOCKET_PORT (2)
3012
number
controllers.vaultwarden.containers.app.env.ADMIN_TOKEN (1)
${admin_token}
string
controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.key (1)
uri
string
controllers.vaultwarden.containers.app.env.DATABASE_URL.secretKeyRef.name (1)
postgresql-app
string
controllers.vaultwarden.containers.app.env.DATABASE_URL (1)
postgresql://vaultwarden@vaultwarden-postgres-17-rw.security.svc:5432/vaultwarden?sslrootcert=/certs/postgres/serving/ca.crt&sslcert=/certs/postgres/user/tls.crt&sslkey=/certs/postgres/user/tls.key&sslmode=verify-full
string
controllers.vaultwarden.containers.app.env.DISABLE_ADMIN_TOKEN (1)
false
boolean
controllers.vaultwarden.containers.app.env.EMAIL_2FA_AUTO_FALLBACK (1)
true
string
controllers.vaultwarden.containers.app.env.EMAIL_CHANGE_ALLOWED (1)
true
string
controllers.vaultwarden.containers.app.env.EXPERIMENTAL_CLIENT_FEATURE_FLAGS (1)
ssh-key-vault-item,ssh-agent
string
controllers.vaultwarden.containers.app.env.IP_HEADER (1)
X-Forwarded-For
string
controllers.vaultwarden.containers.app.env.LOGIN_RATELIMIT_MAX_BURST (1)
2
string
controllers.vaultwarden.containers.app.env.ORG_ATTACHMENT_LIMIT (1)
1000000
string
controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_ID (1)
${push_installation_id}
string
controllers.vaultwarden.containers.app.env.PUSH_INSTALLATION_KEY (1)
${push_installation_key}
string
controllers.vaultwarden.containers.app.env.ROCKET_PORT (1)
8080
string
controllers.vaultwarden.containers.app.env.SENDS_ALLOWED (1)
true
boolean
controllers.vaultwarden.containers.app.env.SHOW_PASSWORD_HINT (1)
false
boolean
controllers.vaultwarden.containers.app.env.SIGNUPS_VERIFY (1)
true
string
controllers.vaultwarden.containers.app.env.SMTP_TIMEOUT (1)
15
number
controllers.vaultwarden.containers.app.env.TIMEZONE (1)
${TZ}
string
controllers.vaultwarden.containers.app.env.USER_ATTACHMENT_LIMIT (1)
1000000
string
controllers.vaultwarden.containers.app.env.USER_SEND_LIMIT (1)
1000000
string
controllers.vaultwarden.containers.app.image.repository (8)
ghcr.io/dani-garcia/vaultwarden
string
controllers.vaultwarden.containers.app.image.tag (8)
1.33.2@sha256:87edb99945da91bd7504ac1435495595af2e89ad2c7adc151ae5bf091ec8baf2
string
controllers.vaultwarden.containers.app.envFrom[].secretRef.name (7)
vaultwarden-secret
string
controllers.vaultwarden.containers.app.resources.limits.memory (6)
256Mi
string
controllers.vaultwarden.containers.app.resources.requests.cpu (6)
100m
string
controllers.vaultwarden.containers.app.resources.requests.memory (6)
100Mi
string
controllers.vaultwarden.containers.app.securityContext.allowPrivilegeEscalation (5)
false
boolean
controllers.vaultwarden.containers.app.securityContext.capabilities.drop[] (5)
- ALL
string
controllers.vaultwarden.containers.app.securityContext.readOnlyRootFilesystem (5)
true
boolean
controllers.vaultwarden.containers.app.probes.liveness.enabled (2)
true
boolean
controllers.vaultwarden.containers.app.probes.liveness.path (1)
/health
string
controllers.vaultwarden.containers.app.probes.readiness.enabled (2)
true
boolean
controllers.vaultwarden.containers.app.probes.readiness.path (1)
/health
string
controllers.vaultwarden.containers.app.probes.startup.enabled (1)
true
boolean
controllers.vaultwarden.containers.app.probes.startup.spec.failureThreshold (1)
30
number
controllers.vaultwarden.containers.app.probes.startup.spec.periodSeconds (1)
5
number
controllers.vaultwarden.containers.app.ports[].containerPort (1)
80
number
controllers.vaultwarden.containers.app.ports[].name (1)
http
string
controllers.vaultwarden.annotations."reloader.stakater.com/auto" (6)
true
string
controllers.vaultwarden.annotations."secret.reloader.stakater.com/reload" (1)
vaultwarden-db-secret
string
controllers.vaultwarden.pod.securityContext.fsGroup (3)
1000
number
controllers.vaultwarden.pod.securityContext.fsGroupChangePolicy (3)
OnRootMismatch
string
controllers.vaultwarden.pod.securityContext.runAsGroup (3)
1000
number
controllers.vaultwarden.pod.securityContext.runAsNonRoot (3)
true
boolean
controllers.vaultwarden.pod.securityContext.runAsUser (3)
1000
number
controllers.vaultwarden.pod.securityContext.seccompProfile.type (3)
RuntimeDefault
string
controllers.vaultwarden.pod.labels."endpoints.netpols.home.arpa/email-sender" (1)
true
string
controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-namespace" (1)
true
string
controllers.vaultwarden.pod.labels."policy.gabe565.com/egress-world" (1)
true
string
controllers.vaultwarden.pod.labels."policy.gabe565.com/ingress-nginx" (1)
true
string
controllers.vaultwarden.pod.priorityClassName (1)
system-cluster-critical
string
controllers.vaultwarden.pod.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)
vaultwarden
string
controllers.vaultwarden.pod.topologySpreadConstraints[].maxSkew (1)
1
number
controllers.vaultwarden.pod.topologySpreadConstraints[].topologyKey (1)
kubernetes.io/hostname
string
controllers.vaultwarden.pod.topologySpreadConstraints[].whenUnsatisfiable (1)
DoNotSchedule
string
controllers.vaultwarden.initContainers.init-db.envFrom[].secretRef.name (2)
vaultwarden-secret
string
controllers.vaultwarden.initContainers.init-db.image.repository (2)
ghcr.io/home-operations/postgres-init
string
controllers.vaultwarden.initContainers.init-db.image.tag (2)
17
number
controllers.vaultwarden.replicas (1)
2
number
controllers.vaultwarden.strategy (1)
Recreate
string
controllers.${APP}.annotations."reloader.stakater.com/auto" (1)
true
string
controllers.${APP}.containers.app.env.TZ (1)
${TIMEZONE}
string
controllers.${APP}.containers.app.image.pullPolicy (1)
IfNotPresent
string
controllers.${APP}.containers.app.image.repository (1)
ghcr.io/dani-garcia/vaultwarden
string
controllers.${APP}.containers.app.image.tag (1)
1.33.2@sha256:87edb99945da91bd7504ac1435495595af2e89ad2c7adc151ae5bf091ec8baf2
string
controllers.${APP}.containers.app.probes.liveness.custom (1)
true
boolean
controllers.${APP}.containers.app.probes.liveness.enabled (1)
true
boolean
controllers.${APP}.containers.app.probes.liveness.spec.failureThreshold (1)
3
number
controllers.${APP}.containers.app.probes.liveness.spec.httpGet.path (1)
/alive
string
controllers.${APP}.containers.app.probes.liveness.spec.httpGet.port (1)
80
number
controllers.${APP}.containers.app.probes.liveness.spec.initialDelaySeconds (1)
0
number
controllers.${APP}.containers.app.probes.liveness.spec.periodSeconds (1)
10
number
controllers.${APP}.containers.app.probes.liveness.spec.timeoutSeconds (1)
1
number
controllers.${APP}.containers.app.probes.readiness.custom (1)
true
boolean
controllers.${APP}.containers.app.probes.readiness.enabled (1)
true
boolean
controllers.${APP}.containers.app.probes.readiness.spec.failureThreshold (1)
3
number
controllers.${APP}.containers.app.probes.readiness.spec.httpGet.path (1)
/alive
string
controllers.${APP}.containers.app.probes.readiness.spec.httpGet.port (1)
80
number
controllers.${APP}.containers.app.probes.readiness.spec.initialDelaySeconds (1)
0
number
controllers.${APP}.containers.app.probes.readiness.spec.periodSeconds (1)
10
number
controllers.${APP}.containers.app.probes.readiness.spec.timeoutSeconds (1)
1
number
controllers.${APP}.containers.app.resources.limits.memory (1)
256Mi
string
controllers.${APP}.containers.app.resources.requests.cpu (1)
10m
string
controllers.${APP}.containers.app.resources.requests.memory (1)
64Mi
string
controllers.${APP}.containers.app.securityContext.fsGroup (1)
1000
number
controllers.${APP}.containers.app.securityContext.fsGroupChangePolicy (1)
OnRootMismatch
string
controllers.${APP}.containers.app.securityContext.runAsGroup (1)
1000
number
controllers.${APP}.containers.app.securityContext.runAsNonRoot (1)
true
boolean
controllers.${APP}.containers.app.securityContext.runAsUser (1)
1000
number
controllers.${APP}.containers.app.securityContext.seccompProfile.type (1)
RuntimeDefault
string
controllers.${APP}.containers.backup.env.BACKUP_KEEP_DAYS (1)
30
number
controllers.${APP}.containers.backup.env.CRON (1)
0 5 * * *
string
controllers.${APP}.containers.backup.env.DATA_DIR (1)
/data
string
controllers.${APP}.containers.backup.env.PING_URL.valueFrom.secretKeyRef.key (1)
VAULTWARDEN_BACKUP_PING_URL
string
controllers.${APP}.containers.backup.env.PING_URL.valueFrom.secretKeyRef.name (1)
vaultwarden-secret
string
controllers.${APP}.containers.backup.env.RCLONE_CONFIG (1)
/data/rclone.conf
string
controllers.${APP}.containers.backup.env.RCLONE_REMOTE_DIR (1)
/Vaultwarden-k3s/
string
controllers.${APP}.containers.backup.env.RCLONE_REMOTE_NAME (1)
Google Drive
string
controllers.${APP}.containers.backup.env.RCLONE_TEMP_DIR (1)
/data/
string
controllers.${APP}.containers.backup.env.TIMEZONE (1)
${TIMEZONE}
string
controllers.${APP}.containers.backup.env.ZIP_ENABLE (1)
true
boolean
controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.key (1)
VAULTWARDEN_BACKUP_ZIP_PASSWORD
string
controllers.${APP}.containers.backup.env.ZIP_PASSWORD.valueFrom.secretKeyRef.name (1)
vaultwarden-secret
string
controllers.${APP}.containers.backup.image.pullPolicy (1)
IfNotPresent
string
controllers.${APP}.containers.backup.image.repository (1)
ghcr.io/ttionya/vaultwarden-backup
string
controllers.${APP}.containers.backup.image.tag (1)
1.24.2@sha256:72cb08f34bdd866104839cb92c37262f7066cbaa79868547b045966d23270a23
string
controllers.${APP}.containers.backup.nameOverride (1)
backup
string
controllers.${APP}.containers.backup.resources.limits.memory (1)
256Mi
string
controllers.${APP}.containers.backup.resources.requests.cpu (1)
10m
string
controllers.${APP}.containers.backup.resources.requests.memory (1)
64Mi
string
controllers.${APP}.containers.backup.securityContext.fsGroup (1)
1000
number
controllers.${APP}.containers.backup.securityContext.readOnlyRootFilesystem (1)
false
boolean
controllers.${APP}.enabled (1)
true
boolean
controllers.${APP}.replicas (1)
1
number
controllers.${APP}.type (1)
deployment
string
service.app.controller (8)
vaultwarden
string
service.app.ports.http.port (8)
80
number
service.app.ports.websocket.enabled (1)
true
boolean
service.app.ports.websocket.port (1)
3012
number
service.app.sessionAffinity (1)
ClientIP
string
service.app.sessionAffinityConfig.clientIP.timeoutSeconds (1)
10800
number
service.vaultwarden.controller (1)
vaultwarden
string
service.vaultwarden.ports.http.port (1)
8080
number
ingress.app.hosts[].host (5)
bitwarden.${SECRET_DOMAIN}
string
ingress.app.hosts[].paths[].path (5)
/
string
ingress.app.hosts[].paths[].service.identifier (5)
app
string
ingress.app.hosts[].paths[].service.port (5)
http
string, number
ingress.app.hosts[].paths[].pathType (1)
Prefix
string
ingress.app.className (4)
external
string
ingress.app.tls[].hosts[] (4)
- bitwarden.${SECRET_DOMAIN}
string
ingress.app.tls[].secretName (2)
${SECRET_DOMAIN/./-}-production-tls
string
ingress.app.enabled (3)
true
boolean
ingress.app.annotations."external-dns.alpha.kubernetes.io/target" (2)
internal.${SECRET_DOMAIN_INTERNAL}
string
ingress.app.annotations."gethomepage.dev/description" (2)
Open-source password manager compatible with Bitwarden clients.
string
ingress.app.annotations."gethomepage.dev/enabled" (2)
true
string
ingress.app.annotations."gethomepage.dev/group" (2)
Applications
string
ingress.app.annotations."gethomepage.dev/icon" (2)
vaultwarden.png
string
ingress.app.annotations."gethomepage.dev/name" (2)
Vaultwarden
string
ingress.app.annotations."traefik.ingress.kubernetes.io/router.middlewares" (2)
networking-traefik-middleware-chain-no-auth@kubernetescrd
string
ingress.app.annotations."cert-manager.io/cluster-issuer" (1)
letsencrypt-production
string
ingress.app.annotations."gethomepage.dev/pod-selector" (1)
app in ( vaultwarden )
string
ingress.app.annotations."hajimari.io/icon" (1)
mdi:lock
string
ingress.app.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
ingress.admin.hosts[].host (3)
${app_url}
string
ingress.admin.hosts[].paths[].path (3)
/admin
string
ingress.admin.hosts[].paths[].service.identifier (3)
app
string
ingress.admin.hosts[].paths[].service.port (3)
http
string
ingress.admin.tls[].hosts[] (3)
- ${app_url}
string
ingress.admin.tls[].secretName (3)
${certificate_name}
string
ingress.admin.annotations."traefik.ingress.kubernetes.io/router.middlewares" (2)
networking-traefik-middleware-chain-authelia@kubernetescrd
string
ingress.admin.annotations."external-dns.alpha.kubernetes.io/exclude" (1)
true
string
ingress.admin.annotations."external-dns.alpha.kubernetes.io/target" (1)
internal.${SECRET_DOMAIN_INTERNAL}
string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-response-headers" (1)
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-signin" (1)
https://$host/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri
string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-snippet" (1)
proxy_set_header X-Forwarded-Host $http_host;
string
ingress.admin.annotations."nginx.ingress.kubernetes.io/auth-url" (1)
http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
string
ingress.admin.annotations."traefik.ingress.kubernetes.io/router.entrypoints" (1)
websecure
string
ingress.admin.enabled (2)
true
boolean
ingress.admin.className (1)
traefik-internal
string
ingress.vaultwarden.enabled (1)
true
boolean
ingress.vaultwarden.hosts[].host (1)
${app_url}
string
ingress.vaultwarden.hosts[].paths[].path (1)
/
string
ingress.vaultwarden.hosts[].paths[].service.identifier (1)
vaultwarden
string
ingress.vaultwarden.hosts[].paths[].service.port (1)
http
string
ingress.vaultwarden.tls[].hosts[] (1)
- ${app_url}
string
ingress.vaultwarden.tls[].secretName (1)
${certificate_name}
string
persistence.config.existingClaim (5)
vaultwarden
string
persistence.config.globalMounts[].path (5)
/data
string
persistence.config.enabled (2)
true
boolean
persistence.data.accessMode (3)
ReadWriteOnce
string
persistence.data.size (3)
8Gi
string
persistence.data.storageClass (3)
longhorn-ssd
string
persistence.data.enabled (2)
true
boolean
persistence.data.retain (2)
true
boolean
persistence.data.type (2)
persistentVolumeClaim
string
persistence.data.advancedMounts.vaultwarden.app[].path (1)
/data
string
persistence.data.existingClaim (1)
vaultwarden
string
persistence.data.globalMounts[].path (1)
/data
string
persistence.data.suffix (1)
data
string
persistence.env.advancedMounts.${APP}.app[].path (1)
/.env
string
persistence.env.advancedMounts.${APP}.app[].readOnly (1)
true
boolean
persistence.env.advancedMounts.${APP}.app[].subPath (1)
.env
string
persistence.env.enabled (1)
true
boolean
persistence.env.items[].key (1)
.env
string
persistence.env.items[].path (1)
.env
string
persistence.env.name (1)
vaultwarden-secret
string
persistence.env.type (1)
secret
string
persistence.postgres-serving-cert.advancedMounts.vaultwarden.app[].path (1)
/certs/postgres/serving
string
persistence.postgres-serving-cert.defaultMode (1)
444
number
persistence.postgres-serving-cert.items[].key (1)
ca.crt
string
persistence.postgres-serving-cert.items[].path (1)
ca.crt
string
persistence.postgres-serving-cert.name (1)
vaultwarden-postgres-17-serving-cert
string
persistence.postgres-serving-cert.type (1)
secret
string
persistence.postgres-user-cert.advancedMounts.vaultwarden.app[].path (1)
/certs/postgres/user
string
persistence.postgres-user-cert.defaultMode (1)
440
number
persistence.postgres-user-cert.items[].key (1)
tls.crt
tls.key
string
persistence.postgres-user-cert.items[].path (1)
tls.crt
tls.key
string
persistence.postgres-user-cert.name (1)
vaultwarden-postgres-vaultwarden-user
string
persistence.postgres-user-cert.type (1)
secret
string
defaultPodOptions.securityContext.runAsGroup (2)
1000
number
defaultPodOptions.securityContext.runAsNonRoot (2)
true
boolean
defaultPodOptions.securityContext.runAsUser (2)
1000
number
defaultPodOptions.securityContext.fsGroup (1)
1000
number
defaultPodOptions.securityContext.fsGroupChangePolicy (1)
OnRootMismatch
string
route.app.hostnames[] (2)
- passwords.${SECRET_DOMAIN}
string
route.app.parentRefs[].name (2)
external
string
route.app.parentRefs[].namespace (2)
network
string
route.app.parentRefs[].sectionName (2)
https
string
route.app.rules[].backendRefs[].port (2)
80
number
route.app.rules[].backendRefs[].identifier (1)
app
string
route.app.rules[].backendRefs[].name (1)
vaultwarden
string