diff --git a/apps/vaultwarden/base/vaultwarden-data-pvc.yaml b/apps/vaultwarden/base/vaultwarden-data-pvc.yaml
new file mode 100644
index 0000000..02cc48a
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-data-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: vaultwarden-data-pvc
+  name: vaultwarden-data-pvc
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
diff --git a/apps/vaultwarden/base/vaultwarden-deployment.yaml b/apps/vaultwarden/base/vaultwarden-deployment.yaml
new file mode 100644
index 0000000..d502a15
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-deployment.yaml
@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: vaultwarden
+  name: vaultwarden
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: vaultwarden
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: vaultwarden
+    spec:
+      containers:
+        - env:
+            - name: ADMIN_RATELIMIT_MAX_BURST
+              value: "10"
+            - name: ADMIN_RATELIMIT_SECONDS
+              value: "60"
+            - name: DOMAIN
+              value: https://vault.steffenillium.de
+            - name: EMERGENCY_ACCESS_ALLOWED
+              value: "true"
+            - name: LOGIN_RATELIMIT_MAX_BURST
+              value: "10"
+            - name: LOGIN_RATELIMIT_SECONDS
+              value: "60"
+            - name: SENDS_ALLOWED
+              value: "true"
+            - name: SIGNUPS_ALLOWED
+              value: "false"
+            - name: SMTP_AUTH_MECHANISM
+              value: '"Plain"'
+            - name: SMTP_FROM
+              value: vaultwarden@steffenillium.de
+            - name: SMTP_FROM_NAME
+              value: Vaultwarden
+            - name: SMTP_PORT
+              value: "587"
+            - name: SMTP_SECURITY
+              value: starttls
+            - name: SMTP_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-secret-sealed
+                  key: SMTP_HOST
+            - name: SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-secret-sealed
+                  key: SMTP_USERNAME
+            - name: WEB_VAULT_ENABLED
+              value: "true"
+            - name: SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-secret-sealed
+                  key: SMTP_PASSWORD
+            - name: YUBICO_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-secret-sealed
+                  key: YUBICO_CLIENT_ID
+            - name: YUBICO_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-secret-sealed
+                  key: YUBICO_SECRET_KEY
+            - name: ADMIN_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: vaultwarden-secret-sealed
+                  key: ADMIN_TOKEN
+          image: vaultwarden/server:latest
+          name: vaultwarden
+          ports:
+            - containerPort: 80
+              protocol: TCP
+          resources: {}
+          volumeMounts:
+            - mountPath: /data
+              name: vaultwarden-data-pvc
+      restartPolicy: Always
+      volumes:
+        - name: vaultwarden-data-pvc
+          persistentVolumeClaim:
+            claimName: vaultwarden-data-pvc
+        
+
diff --git a/apps/vaultwarden/base/vaultwarden-ingress.yaml b/apps/vaultwarden/base/vaultwarden-ingress.yaml
new file mode 100644
index 0000000..542f05a
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-ingress.yaml
@@ -0,0 +1,15 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: vaultwarden-ingress
+  namespace: vaultwarden
+spec:
+  entryPoints:
+    - web
+    - websecure
+  routes:
+  - match: Host(`vault.steffenillium.de`)
+    kind: Rule
+    services:
+    - name: vaultwarden
+      port: 80
diff --git a/apps/vaultwarden/base/vaultwarden-namespace.yaml b/apps/vaultwarden/base/vaultwarden-namespace.yaml
new file mode 100644
index 0000000..deea145
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vaultwarden
\ No newline at end of file
diff --git a/apps/vaultwarden/base/vaultwarden-secret-sealed.yaml b/apps/vaultwarden/base/vaultwarden-secret-sealed.yaml
new file mode 100644
index 0000000..6100447
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-secret-sealed.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vaultwarden-secret-sealed
+  namespace: vaultwarden
+  annotations:
+    sealedsecrets.bitnami.com/namespace-wide: true
+type: Opaque
+stringData:
+  key: val
+  
diff --git a/apps/vaultwarden/base/vaultwarden-service.yaml b/apps/vaultwarden/base/vaultwarden-service.yaml
new file mode 100644
index 0000000..2f08c76
--- /dev/null
+++ b/apps/vaultwarden/base/vaultwarden-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: vaultwarden
+  name: vaultwarden
+spec:
+  ports:
+    - name: "web"
+      port: 80
+      targetPort: 80
+  selector:
+    app: vaultwarden
diff --git a/apps/vaultwarden/kustomization.yaml b/apps/vaultwarden/kustomization.yaml
new file mode 100644
index 0000000..e98c249
--- /dev/null
+++ b/apps/vaultwarden/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: vaultwarden
+
+resources:
+- base/vaultwarden-data-pvc.yaml
+- base/vaultwarden-deployment.yaml
+- base/vaultwarden-namespace.yaml
+- base/vaultwarden-secret-sealed.yaml
+- base/vaultwarden-service.yaml