image: repository: tccr.io/truecharts/vaultwarden pullPolicy: IfNotPresent tag: v1.23.1@sha256:094eae865c2650b033313228359aafdef5f00008b8f44cb856ee418270cebdf9 service: main: ports: main: port: 10102 targetPort: 8080 ws: enabled: true ports: ws: enabled: true port: 3012 targetPort: 3012 env: DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}" envFrom: - configMapRef: name: vaultwardenconfig - secretRef: name: vaultwardensecret envValueFrom: DATABASE_URL: secretKeyRef: name: dbcreds key: url database: # Database type, must be one of: 'sqlite', 'mysql' or 'postgresql'. type: postgresql # Enable DB Write-Ahead-Log for SQLite, disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled wal: true ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port). # url: "" ## Set the size of the database connection pool. # maxConnections: 10 ## Connection retries during startup, 0 for infinite. 1 second between retries. # retries: 15 # Set Bitwarden_rs application variables vaultwarden: # Allow any user to sign-up: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users allowSignups: true ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set. # signupDomains: # - domain.tld # Verify e-mail before login is enabled. SMTP must be enabled. verifySignup: false # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled. requireEmail: false ## Maximum attempts before an email token is reset and a new email will need to be sent. # emailAttempts: 3 ## Email token validity in seconds. # emailTokenExpiration: 600 # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations allowInvitation: true # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display ## Default organization name in invitation e-mails that are not coming from a specific organization. # defaultInviteName: "" showPasswordHint: true # Enable Websockets for notification. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications # Redirect HTTP path "/notifications/hub" to port 3012. Ingress/IngressRoute controllers are automatically configured. enableWebsockets: true # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting enableWebVault: true # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users. orgCreationUsers: all ## Limit attachment disk usage per organization. # attachmentLimitOrg: ## Limit attachment disk usage per user. # attachmentLimitUser: ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key. # hibpApiKey: admin: # Enable admin portal. enabled: false # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token disableAdminToken: false ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page # token: # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration smtp: enabled: false # SMTP hostname, required if SMTP is enabled. host: "" # SMTP sender e-mail address, required if SMTP is enabled. from: "" ## SMTP sender name, defaults to 'Bitwarden_RS'. # fromName: "" ## Enable SSL connection. # ssl: true ## SMTP port. Defaults to 25 without SSL, 587 with SSL. # port: 587 ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'. # authMechanism: Plain ## Hostname to be sent for SMTP HELO. Defaults to pod name. # heloName: "" ## SMTP timeout. # timeout: 15 ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks! # invalidHostname: false ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks! # invalidCertificate: false ## SMTP username. # user: "" ## SMTP password. Required is user is specified, ignored if no user provided. # password: "" ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication yubico: enabled: false ## Yubico server. Defaults to YubiCloud. # server: ## Yubico ID and Secret Key. # clientId: # secretKey: ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging log: # Log to file. file: "" # Log level. Options are "trace", "debug", "info", "warn", "error" or "off". level: "trace" ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds. # timeFormat: "" icons: # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero. disableDownload: false ## Cache time-to-live for icons fetched. 0 means no purging. # cache: 2592000 ## Cache time-to-live for icons that were not available. 0 means no purging. # cacheFailed: 259200 persistence: data: enabled: true mountPath: "/data" # Enabled postgres postgresql: enabled: true existingSecret: "dbcreds" postgresqlUsername: vaultwarden postgresqlDatabase: vaultwarden