image: repository: docker.io/vaultwarden/server pullPolicy: IfNotPresent tag: 1.30.5@sha256:edb8e2bab9cbca22e555638294db9b3657ffbb6e5d149a29d7ccdb243e3c71e0 service: main: ports: main: port: 10102 targetPort: 8080 workload: main: podSpec: containers: main: env: DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}" DATABASE_URL: secretKeyRef: name: cnpg-main-urls key: std envFrom: - configMapRef: name: vaultwardenconfig - secretRef: name: vaultwardensecret database: # -- Database type, # must be one of: 'sqlite', 'mysql' or 'postgresql'. type: postgresql # -- Enable DB Write-Ahead-Log for SQLite, # disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled wal: true ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port). # url: "" ## Set the size of the database connection pool. # maxConnections: 10 ## Connection retries during startup, 0 for infinite. 1 second between retries. # retries: 15 # Set Bitwarden_rs application variables vaultwarden: # -- Allow any user to sign-up # see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users allowSignups: true ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set. # signupDomains: # - domain.tld # -- Verify e-mail before login is enabled. # SMTP must be enabled. verifySignup: false # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled. requireEmail: false ## Maximum attempts before an email token is reset and a new email will need to be sent. # emailAttempts: 3 ## Email token validity in seconds. # emailTokenExpiration: 600 # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations allowInvitation: true # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display ## Default organization name in invitation e-mails that are not coming from a specific organization. # defaultInviteName: "" showPasswordHint: true # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting enableWebVault: true # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users. orgCreationUsers: all ## Limit attachment disk usage per organization. # attachmentLimitOrg: ## Limit attachment disk usage per user. # attachmentLimitUser: ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key. # hibpApiKey: admin: # Enable admin portal. enabled: false # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token disableAdminToken: false ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page # token: # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration smtp: enabled: false # SMTP hostname, required if SMTP is enabled. host: "" # SMTP sender e-mail address, required if SMTP is enabled. from: "" ## SMTP sender name, defaults to 'Bitwarden_RS'. # fromName: "" ## Enable SSL connection. # security: starttls ## SMTP port. Defaults to 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL. # port: 587 ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'. # authMechanism: Plain ## Hostname to be sent for SMTP HELO. Defaults to pod name. # heloName: "" ## SMTP timeout. # timeout: 15 ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks! # invalidHostname: false ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks! # invalidCertificate: false ## SMTP username. # user: "" ## SMTP password. Required is user is specified, ignored if no user provided. # password: "" ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication yubico: enabled: false ## Yubico server. Defaults to YubiCloud. # server: ## Yubico ID and Secret Key. # clientId: # secretKey: ## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host push: enabled: false # installationId: # installationKey: ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging log: # Log to file. file: "" # Log level. Options are "trace", "debug", "info", "warn", "error" or "off". level: "trace" ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds. # timeFormat: "" icons: # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero. disableDownload: false ## Cache time-to-live for icons fetched. 0 means no purging. # cache: 2592000 ## Cache time-to-live for icons that were not available. 0 means no purging. # cacheFailed: 259200 persistence: data: enabled: true mountPath: "/data" cnpg: main: enabled: true user: vaultwarden database: vaultwarden portal: open: enabled: true ingress: main: required: true