# Include{groups} portals: open: # Include{portalLink} admin: # Include{portalLink} path: "/admin/" questions: # Include{global} # Include{controller} # Include{controllerDeployment} # Include{replicas} # Include{replica1} # Include{strategy} # Include{recreate} # Include{controllerExpert} # Include{controllerExpertExtraArgs} # Include{containerConfig} - variable: vaultwarden label: "" group: "App Configuration" schema: additional_attrs: true type: dict attrs: - variable: yubico label: "Yubico OTP authentication" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Yubico OTP authentication" description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: server label: "Yubico server" description: "Defaults to YubiCloud" schema: type: string default: "" - variable: clientId label: "Yubico ID" schema: type: string default: "" - variable: secretKey label: "Yubico Secret Key" schema: type: string default: "" - variable: admin label: "Admin Portal" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable Admin Portal" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: disableAdminToken label: "Make Accessible Without Password/Token" schema: type: boolean default: false - variable: token label: "Admin Portal Password/Token" description: "Will be automatically generated if not defined" schema: type: string default: "" - variable: icons label: "Icon Download Settings" schema: additional_attrs: true type: dict attrs: - variable: disableDownload label: "Disable Icon Download" description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)" schema: type: boolean default: false - variable: cache label: "Cache time-to-live" description: "Cache time-to-live for icons fetched. 0 means no purging" schema: type: int default: 2592000 - variable: token label: "Failed Downloads Cache time-to-live" description: "Cache time-to-live for icons that were not available. 0 means no purging." schema: type: int default: 2592000 - variable: log label: "Logging" schema: additional_attrs: true type: dict attrs: - variable: level label: "Log level" schema: type: string default: "info" required: true enum: - value: "trace" description: "trace" - value: "debug" description: "debug" - value: "info" description: "info" - value: "warn" description: "warn" - value: "error" description: "error" - value: "off" description: "off" - variable: file label: "Log-File Location" schema: type: string default: "" - variable: smtp label: "SMTP Settings (Email)" schema: additional_attrs: true type: dict attrs: - variable: enabled label: "Enable SMTP Support" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: host label: "SMTP hostname" schema: type: string required: true default: "" - variable: from label: "SMTP sender e-mail address" schema: type: string required: true default: "" - variable: fromName label: "SMTP sender name" schema: type: string required: true default: "" - variable: user label: "SMTP username" schema: type: string required: true default: "" - variable: password label: "SMTP password" description: "Required is user is specified, ignored if no user provided" schema: type: string default: "" - variable: ssl label: "Enable SSL connection" schema: type: boolean default: true - variable: port label: "SMTP port" description: "Usually: 25 without SSL, 587 with SSL" schema: type: int default: 587 - variable: authMechanism label: "SMTP Authentication Mechanisms" description: "Comma-separated options: Plain, Login and Xoauth2" schema: type: string default: "Plain" - variable: heloName label: "SMTP HELO - Hostname" description: "Hostname to be sent for SMTP HELO. Defaults to pod name" schema: type: string default: "" - variable: timeout label: "SMTP timeout" schema: type: int default: 15 - variable: invalidHostname label: "Accept Invalid Hostname" description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!" schema: type: boolean default: false - variable: invalidCertificate label: "Accept Invalid Certificate" description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!" schema: type: boolean default: false - variable: allowSignups label: "Allow Signup" description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users" schema: type: boolean default: true - variable: allowInvitation label: "Always allow Invitation" description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations" schema: type: boolean default: true - variable: defaultInviteName label: "Default Invite Organisation Name" description: "Default organization name in invitation e-mails that are not coming from a specific organization." schema: type: string default: "" - variable: showPasswordHint label: "Show password hints" description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display" schema: type: boolean default: true - variable: signupwhitelistenable label: "Enable Signup Whitelist" description: "allowSignups is ignored if set" schema: type: boolean default: false show_subquestions_if: true subquestions: - variable: signupDomains label: "Signup Whitelist Domains" schema: type: list default: [] items: - variable: domain label: "Domain" schema: type: string default: "" - variable: verifySignup label: "Verifiy Signup" description: "Verify e-mail before login is enabled. SMTP must be enabled" schema: type: boolean default: false - variable: requireEmail label: "Block Login if email fails" description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled" schema: type: boolean default: false - variable: emailAttempts label: "Email token reset attempts" description: "Maximum attempts before an email token is reset and a new email will need to be sent" schema: type: int default: 3 - variable: emailTokenExpiration label: "Email token validity in seconds" schema: type: int default: 600 - variable: enableWebVault label: "Enable Webvault" description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting" schema: type: boolean default: true - variable: orgCreationUsers label: "Limit Organisation Creation to (users)" description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users." schema: type: string default: "all" - variable: attachmentLimitOrg label: "Limit Attachment Disk Usage per Organisation" schema: type: string default: "" - variable: attachmentLimitUser label: "Limit Attachment Disk Usage per User" schema: type: string default: "" - variable: hibpApiKey label: "HaveIBeenPwned API Key" description: "Can be purchased at https://haveibeenpwned.com/API/Key" schema: type: string default: "" # Include{serviceRoot} - variable: main label: "Main Service" description: "The Primary service on which the healthcheck runs, often the webUI" schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main label: "Main Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 10102 required: true # Include{advancedPortHTTP} - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 8080 - variable: ws label: "WebSocket Service" description: "WebSocket Service" schema: additional_attrs: true type: dict attrs: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: ws label: "WebSocket Service Port Configuration" schema: additional_attrs: true type: dict attrs: - variable: port label: "Port" description: "This port exposes the container port on the service" schema: type: int default: 3012 required: true # Include{advancedPortHTTP} - variable: targetPort label: "Target Port" description: "The internal(!) port on the container the Application runs on" schema: type: int default: 3012 # Include{serviceExpertRoot} default: false # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} - variable: data label: "App Config Storage" description: "Stores the Application Configuration." schema: additional_attrs: true type: dict attrs: # Include{persistenceBasic} # Include{persistenceAdvanced} # Include{persistenceList} # Include{ingressRoot} - variable: main label: "Main Ingress" schema: additional_attrs: true type: dict attrs: # Include{ingressDefault} # Include{ingressTLS} # Include{ingressTraefik} # Include{ingressExpert} # Include{ingressList} # Include{security} # Include{securityContextAdvancedRoot} - variable: privileged label: "Privileged mode" schema: type: boolean default: false - variable: readOnlyRootFilesystem label: "ReadOnly Root Filesystem" schema: type: boolean default: true - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: type: boolean default: false - variable: runAsNonRoot label: "runAsNonRoot" schema: type: boolean default: true # Include{securityContextAdvanced} # Include{podSecurityContextRoot} - variable: runAsUser label: "runAsUser" description: "The UserID of the user running the application" schema: type: int default: 568 - variable: runAsGroup label: "runAsGroup" description: "The groupID this App of the user running the application" schema: type: int default: 568 - variable: fsGroup label: "fsGroup" description: "The group that should own ALL storage." schema: type: int default: 568 # Include{podSecurityContextAdvanced} # Include{resources} # Include{advanced} # Include{addons} # Include{documentation}