# Include{groups} portals: open: # Include{portalLink} admin: # Include{portalLink} path: "/admin/" questions: # Include{global} # Include{workload} # Include{workloadDeployment} # Include{replicas1} # Include{podSpec} # Include{containerMain} # Include{containerBasic} # Include{containerAdvanced} # Include{containerConfig} # Include{podOptions} - variable: vaultwarden label: "" group: "App Configuration" schema: additional_attrs: true type: dict attrs: - variable: yubico label: "Yubico OTP authentication" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Yubico OTP authentication" description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: server label: "Yubico server" description: "Defaults to YubiCloud" schema: type: string default: "" - variable: clientId label: "Yubico ID" schema: type: string default: "" - variable: secretKey label: "Yubico Secret Key" schema: type: string default: "" - variable: push label: "Mobile Push Notifications" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Mobile Push Notifications" description: "You must obtain and ID and Key here: https://bitwarden.com/host" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: installationId label: "Installation ID" schema: type: string default: "" required: true - variable: installationKey label: "Installation Key" schema: type: string default: "" required: true - variable: admin label: "Admin Portal" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Admin Portal" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: disableAdminToken label: "Make Accessible Without Password/Token" schema: type: boolean default: false - variable: token label: "Admin Portal Password/Token" description: "Will be automatically generated if not defined" schema: type: string default: "" - variable: icons label: "Icon Download Settings" schema: additional_attrs: true type: dict attrs: - variable: disableDownload label: "Disable Icon Download" description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)" schema: type: boolean default: false - variable: cache label: "Cache time-to-live" description: "Cache time-to-live for icons fetched. 0 means no purging" schema: type: int default: 2592000 - variable: token label: "Failed Downloads Cache time-to-live" description: "Cache time-to-live for icons that were not available. 0 means no purging." schema: type: int default: 2592000 - variable: log label: "Logging" schema: additional_attrs: true type: dict attrs: - variable: level label: "Log level" schema: type: string default: "info" required: true enum: - value: "trace" description: "trace" - value: "debug" description: "debug" - value: "info" description: "info" - value: "warn" description: "warn" - value: "error" description: "error" - value: "off" description: "off" - variable: file label: "Log-File Location" schema: type: string default: "" - variable: smtp label: "SMTP Settings (Email)" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable SMTP Support" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: host label: "SMTP hostname" schema: type: string required: true default: "" - variable: from label: "SMTP sender e-mail address" schema: type: string required: true default: "" - variable: fromName label: "SMTP sender name" schema: type: string required: true default: "" - variable: user label: "SMTP username" schema: type: string required: true default: "" - variable: password label: "SMTP password" description: "Required is user is specified, ignored if no user provided" schema: type: string default: "" - variable: security label: "Enable SSL connection" schema: type: string default: "starttls" enum: - value: "starttls" description: "STARTTLS (587)" - value: "force_tls" description: "FORCE_TLS (465)" - value: "off" description: "OFF (25)" - variable: port label: "SMTP port" description: "Usually: 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL" schema: type: int default: 587 - variable: authMechanism label: "SMTP Authentication Mechanisms" description: "Comma-separated options: Plain, Login and Xoauth2" schema: type: string default: "Plain" - variable: heloName label: "SMTP HELO - Hostname" description: "Hostname to be sent for SMTP HELO. Defaults to pod name" schema: type: string default: "" - variable: timeout label: "SMTP timeout" schema: type: int default: 15 - variable: invalidHostname label: "Accept Invalid Hostname" description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!" schema: type: boolean default: false - variable: invalidCertificate label: "Accept Invalid Certificate" description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!" schema: type: boolean default: false - variable: allowSignups label: "Allow Signup" description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users" schema: type: boolean default: true - variable: allowInvitation label: "Always allow Invitation" description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations" schema: type: boolean default: true - variable: defaultInviteName label: "Default Invite Organisation Name" description: "Default organization name in invitation e-mails that are not coming from a specific organization." schema: type: string default: "" - variable: showPasswordHint label: "Show password hints" description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display" schema: type: boolean default: true - variable: signupwhitelistenable label: "Enable Signup Whitelist" description: "allowSignups is ignored if set" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: signupDomains label: "Signup Whitelist Domains" schema: type: list default: [] items: - variable: domain label: "Domain" schema: type: string default: "" - variable: verifySignup label: "Verifiy Signup" description: "Verify e-mail before login is enabled. SMTP must be enabled" schema: type: boolean default: false - variable: requireEmail label: "Block Login if email fails" description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled" schema: type: boolean default: false - variable: emailAttempts label: "Email token reset attempts" description: "Maximum attempts before an email token is reset and a new email will need to be sent" schema: type: int default: 3 - variable: emailTokenExpiration label: "Email token validity in seconds" schema: type: int default: 600 - variable: enableWebVault label: "Enable Webvault" description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting" schema: type: boolean default: true - variable: orgCreationUsers label: "Limit Organisation Creation to (users)" description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users." schema: type: string default: "all" - variable: attachmentLimitOrg label: "Limit Attachment Disk Usage per Organisation" schema: type: string default: "" - variable: attachmentLimitUser label: "Limit Attachment Disk Usage per User" schema: type: string default: "" - variable: hibpApiKey label: "HaveIBeenPwned API Key" description: "Can be purchased at https://haveibeenpwned.com/API/Key" schema: type: string default: "" # Include{serviceRoot} - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 10102 required: true # Include{serviceExpertRoot} # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} - variable: data label: "App Config Storage" description: "Stores the Application Configuration." schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceList} # Include{ingressRoot} - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressAdvanced} # Include{ingressList} # Include{securityContextRoot} - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 568 - variable: runAsGroup label: "runAsGroup" description: "The groupID of the user running the application" schema: type: int default: 568 # Include{securityContextContainer} # Include{securityContextAdvanced} # Include{securityContextPod} - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 # Include{resources} # Include{advanced} # Include{postgresql} # Include{postgresqlBasics} # Include{addons} # Include{codeserver} # Include{vpn} # Include{netshoot} # Include{documentation}