{ "1.0.29": { "healthy": true, "supported": true, "healthy_error": null, "location": "/__w/charts/charts/community/vaultwarden/1.0.29", "last_update": "2023-11-14 10:11:57", "required_features": [ "definitions/certificate", "definitions/timezone", "normalize/ixVolume" ], "human_version": "1.30.0_1.0.29", "version": "1.0.29", "chart_metadata": { "name": "vaultwarden", "description": "Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients.", "annotations": { "title": "Vaultwarden" }, "type": "application", "version": "1.0.29", "apiVersion": "v2", "appVersion": "1.30.0", "kubeVersion": ">=1.16.0-0", "maintainers": [ { "name": "truenas", "url": "https://www.truenas.com/", "email": "dev@ixsystems.com" } ], "dependencies": [ { "name": "common", "repository": "file://../../../common", "version": "1.2.2" } ], "home": "https://github.com/dani-garcia/vaultwarden", "icon": "https://media.sys.truenas.net/apps/vaultwarden/icons/icon.png", "sources": [ "https://github.com/dani-garcia/vaultwarden", "https://github.com/truenas/charts/tree/master/community/vaultwarden" ], "keywords": [ "password", "manager" ] }, "app_metadata": { "runAsContext": [ { "userName": "vaultwarden", "groupName": "vaultwarden", "gid": 568, "uid": 568, "description": "Vaultwarden can run as any non-root user." }, { "userName": "postgres", "groupName": "postgres", "gid": 999, "uid": 999, "description": "Postgres runs as a non-root user." } ], "capabilities": [], "hostMounts": [] }, "schema": { "groups": [ { "name": "Vaultwarden Configuration", "description": "Configure Vaultwarden" }, { "name": "User and Group Configuration", "description": "Configure User and Group for Vaultwarden" }, { "name": "Network Configuration", "description": "Configure Network for Vaultwarden" }, { "name": "Storage Configuration", "description": "Configure Storage for Vaultwarden" }, { "name": "Resources Configuration", "description": "Configure Resources for Vaultwarden" } ], "portals": { "web_portal": { "protocols": [ "$kubernetes-resource_configmap_portal_protocol" ], "host": [ "$kubernetes-resource_configmap_portal_host" ], "ports": [ "$kubernetes-resource_configmap_portal_port" ], "path": "$kubernetes-resource_configmap_portal_path" }, "admin_portal": { "protocols": [ "$kubernetes-resource_configmap_portal_protocol" ], "host": [ "$kubernetes-resource_configmap_portal_host" ], "ports": [ "$kubernetes-resource_configmap_portal_port" ], "path": "$kubernetes-resource_configmap_portal_admin_path" } }, "questions": [ { "variable": "TZ", "group": "Vaultwarden Configuration", "label": "Timezone", "schema": { "type": "string", "default": "America/Los_Angeles", "required": true, "$ref": [ "definitions/timezone" ], "enum": [ { "value": "Asia/Damascus", "description": "'Asia/Damascus' timezone" }, { "value": "Asia/Saigon", "description": "'Asia/Saigon' timezone" } ] } }, { "variable": "vaultwardenConfig", "label": "", "group": "Vaultwarden Configuration", "schema": { "type": "dict", "attrs": [ { "variable": "adminToken", "label": "Admin Token", "description": "Setting this, will enable the admin portal", "schema": { "type": "string", "private": true, "default": "" } }, { "variable": "additionalEnvs", "label": "Additional Environment Variables", "description": "Configure additional environment variables for Vaultwarden.", "schema": { "type": "list", "default": [], "items": [ { "variable": "env", "label": "Environment Variable", "schema": { "type": "dict", "attrs": [ { "variable": "name", "label": "Name", "schema": { "type": "string", "required": true } }, { "variable": "value", "label": "Value", "schema": { "type": "string", "required": true } } ] } } ] } } ] } }, { "variable": "vaultwardenRunAs", "label": "", "group": "User and Group Configuration", "schema": { "type": "dict", "attrs": [ { "variable": "user", "label": "User ID", "description": "The user id that Vaultwarden will run as.", "schema": { "type": "int", "min": 568, "default": 568, "required": true } }, { "variable": "group", "label": "Group ID", "description": "The group id that Vaultwarden will run as.", "schema": { "type": "int", "min": 568, "default": 568, "required": true } } ] } }, { "variable": "vaultwardenNetwork", "label": "", "group": "Network Configuration", "schema": { "type": "dict", "attrs": [ { "variable": "webPort", "label": "Web Port", "description": "The port for the Vaultwarden Web UI.", "schema": { "type": "int", "default": 30032, "min": 9000, "max": 65535, "required": true } }, { "variable": "wsEnabled", "label": "Enable Websocket", "schema": { "type": "boolean", "default": true } }, { "variable": "wsPort", "label": "Websocket Port", "description": "The port for the Vaultwarden Websocket.", "schema": { "type": "int", "show_if": [ [ "wsEnabled", "=", true ] ], "default": 30033, "min": 9000, "max": 65535, "required": true } }, { "variable": "hostNetwork", "label": "Host Network", "description": "Bind to the host network. It's recommended to keep this disabled.
\n", "schema": { "type": "boolean", "default": false } }, { "variable": "domain", "label": "Domain", "description": "The domain to use for Vaultwarden
\nFormat is: https://sub.domain.tld:port\n", "schema": { "type": "string", "default": "" } }, { "variable": "certificateID", "label": "Certificate", "description": "The certificate to use for Vaultwarden
\nUsing the Rocket method for TLS setup is NOT recommended
\nPrefer a reverse proxy with a valid certificate
\n", "schema": { "type": "int", "null": true, "$ref": [ "definitions/certificate" ], "enum": [ { "value": null, "description": "No Certificate" } ], "default": null } } ] } }, { "variable": "vaultwardenStorage", "label": "", "group": "Storage Configuration", "schema": { "type": "dict", "attrs": [ { "variable": "data", "label": "Vaultwarden Data Storage", "description": "The path to store Vaultwarden attachments, icons, etc.", "schema": { "type": "dict", "attrs": [ { "variable": "type", "label": "Type", "description": "ixVolume: Is dataset created automatically by the system.
\nHost Path: Is a path that already exists on the system.\n", "schema": { "type": "string", "required": true, "immutable": true, "default": "ixVolume", "enum": [ { "value": "hostPath", "description": "Host Path (Path that already exists on the system)" }, { "value": "ixVolume", "description": "ixVolume (Dataset created automatically by the system)" } ] } }, { "variable": "datasetName", "label": "Dataset Name", "schema": { "type": "string", "show_if": [ [ "type", "=", "ixVolume" ] ], "required": true, "hidden": true, "immutable": true, "default": "data", "$ref": [ "normalize/ixVolume" ] } }, { "variable": "hostPath", "label": "Host Path", "schema": { "type": "hostpath", "show_if": [ [ "type", "=", "hostPath" ] ], "immutable": true, "required": true } } ] } }, { "variable": "pgData", "label": "Vaultwarden Postgres Data Storage", "description": "The path to store Vaultwarden Postgres Data.", "schema": { "type": "dict", "attrs": [ { "variable": "type", "label": "Type", "description": "ixVolume: Is dataset created automatically by the system.
\nHost Path: Is a path that already exists on the system.\n", "schema": { "type": "string", "required": true, "immutable": true, "default": "ixVolume", "enum": [ { "value": "hostPath", "description": "Host Path (Path that already exists on the system)" }, { "value": "ixVolume", "description": "ixVolume (Dataset created automatically by the system)" } ] } }, { "variable": "datasetName", "label": "Dataset Name", "schema": { "type": "string", "show_if": [ [ "type", "=", "ixVolume" ] ], "required": true, "hidden": true, "immutable": true, "default": "pgData", "$ref": [ "normalize/ixVolume" ] } }, { "variable": "hostPath", "label": "Host Path", "schema": { "type": "hostpath", "show_if": [ [ "type", "=", "hostPath" ] ], "immutable": true, "required": true } } ] } }, { "variable": "pgBackup", "label": "Vaultwarden Postgres Backup Storage", "description": "The path to store Vaultwarden Postgres Backup.", "schema": { "type": "dict", "attrs": [ { "variable": "type", "label": "Type", "description": "ixVolume: Is dataset created automatically by the system.
\nHost Path: Is a path that already exists on the system.\n", "schema": { "type": "string", "required": true, "immutable": true, "default": "ixVolume", "enum": [ { "value": "hostPath", "description": "Host Path (Path that already exists on the system)" }, { "value": "ixVolume", "description": "ixVolume (Dataset created automatically by the system)" } ] } }, { "variable": "datasetName", "label": "Dataset Name", "schema": { "type": "string", "show_if": [ [ "type", "=", "ixVolume" ] ], "required": true, "hidden": true, "immutable": true, "default": "pgBackup", "$ref": [ "normalize/ixVolume" ] } }, { "variable": "hostPath", "label": "Host Path", "schema": { "type": "hostpath", "show_if": [ [ "type", "=", "hostPath" ] ], "immutable": true, "required": true } } ] } } ] } }, { "variable": "resources", "label": "", "group": "Resources Configuration", "schema": { "type": "dict", "attrs": [ { "variable": "limits", "label": "Limits", "schema": { "type": "dict", "attrs": [ { "variable": "cpu", "label": "CPU", "description": "CPU limit for Vaultwarden.", "schema": { "type": "string", "max_length": 6, "valid_chars": "^(0\\.[1-9]|[1-9][0-9]*)(\\.[0-9]|m?)$", "valid_chars_error": "Valid CPU limit formats are
\n- Plain Integer - eg. 1
\n- Float - eg. 0.5
\n- Milicpu - eg. 500m\n", "default": "4000m", "required": true } }, { "variable": "memory", "label": "Memory", "description": "Memory limit for Vaultwarden.", "schema": { "type": "string", "max_length": 12, "valid_chars": "^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$", "valid_chars_error": "Valid Memory limit formats are
\n- Suffixed with E/P/T/G/M/K - eg. 1G
\n- Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
\n- Plain Integer in bytes - eg. 1024
\n- Exponent - eg. 134e6\n", "default": "8Gi", "required": true } } ] } } ] } } ] }, "app_readme": "

Vaultwarden

\n

Vaultwarden Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients

\n
\n

During the installation process, a container will be launched with root privileges. This is required\nin order to apply the correct permissions to the Vaultwarden data directory. Afterward, the Vaultwarden container\nwill run as a non-root user (default 568).\nSame applies to the postgres container. This will run afterwards as a non-root user (999).\nOn each upgrade, a container will be launched with root privileges in order to apply the correct\npermissions to the postgres backups directory. Container that performs the backup will run as a non-root user (999) afterwards.\nKeep in mind the permissions on the backup directory will be changed to 999:999 on every update.\nBut will only be changed once for the Vaultwarden and postgres data directories.

\n
\n

While the option to use Rocket for TLS is there, it is not\nrecommended.\nInstead, use a reverse proxy to handle TLS termination.

\n

Using HTTPS is required for the most of the features to work (correctly).

", "detailed_readme": "

Vaultwarden

\n

Vaultwarden Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients

\n
\n

During the installation process, a container will be launched with root privileges. This is required\nin order to apply the correct permissions to the Vaultwarden data directory. Afterward, the Vaultwarden container\nwill run as a non-root user (default 568).\nSame applies to the postgres container. This will run afterwards as a non-root user (999).\nOn each upgrade, a container will be launched with root privileges in order to apply the correct\npermissions to the postgres backups directory. Container that performs the backup will run as a non-root user (999) afterwards.\nKeep in mind the permissions on the backup directory will be changed to 999:999 on every update.\nBut will only be changed once for the Vaultwarden and postgres data directories.

\n
\n

While the option to use Rocket for TLS is there, it is not\nrecommended.\nInstead, use a reverse proxy to handle TLS termination.

\n

Using HTTPS is required for the most of the features to work (correctly).

", "changelog": null } }