diff --git a/vaultwarden/cm.yaml b/vaultwarden/cm.yaml
new file mode 100644
index 0000000..c8bbd57
--- /dev/null
+++ b/vaultwarden/cm.yaml
@@ -0,0 +1,77 @@
+apiVersion: v1
+data:
+  _enable_duo: "true"
+  _enable_email_2fa: "false"
+  _enable_smtp: "true"
+  _enable_yubico: "true"
+  ADMIN_RATELIMIT_MAX_BURST: "3"
+  ADMIN_RATELIMIT_SECONDS: "300"
+  admin_session_lifetime: "20"
+  authenticator_disable_time_drift: "false"
+  DATABASE_MAX_CONNS: "10"
+  DB_CONNECTION_RETRIES: "15"
+  disable_2fa_remember: "false"
+  disable_icon_download: "false"
+  DOMAIN: https://vault.borninpain.de
+  email_2fa_enforce_on_verified_invite: "false"
+  email_2fa_auto_fallback: "false"
+  email_attempts_limit: "3"
+  EMAIL_CHANGE_ALLOWED: "true"
+  email_expiration_time: "600"
+  email_token_size: "6"
+  EMERGENCY_ACCESS_ALLOWED: "true"
+  EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * *
+  EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * *
+  EXTENDED_LOGGING: "true"
+  http_request_block_non_global_ips: "true"
+  ICON_BLACKLIST_NON_GLOBAL_IPS: "true"
+  icon_cache_ttl: "2592000"
+  icon_cache_negttl: "259200"
+  icon_download_timeout: "10"
+  ICON_REDIRECT_CODE: "302"
+  ICON_SERVICE: internal
+  incomplete_2fa_time_limit: "3"
+  increase_note_size_limit: "false"
+  INVITATION_EXPIRATION_HOURS: "120"
+  INVITATION_ORG_NAME: Vaultwarden
+  INVITATIONS_ALLOWED: "true"
+  IP_HEADER: X-Real-IP
+  LOG_TIMESTAMP_FORMAT: '%Y-%m-%d %H:%M:%S.%3f'
+  ORG_EVENTS_ENABLED: "false"
+  ORG_GROUPS_ENABLED: "false"
+  password_hints_allowed: "true"
+  password_iterations: "600000"
+  reload_templates: "false"
+  REQUIRE_DEVICE_EMAIL: "false"
+  ROCKET_ADDRESS: 0.0.0.0
+  ROCKET_PORT: "8080"
+  ROCKET_WORKERS: "10"
+  SENDS_ALLOWED: "true"
+  SHOW_PASSWORD_HINT: "false"
+  SIGNUPS_ALLOWED: "true"
+  SIGNUPS_VERIFY: "true"
+  signups_verify_resend_limit: "6"
+  signups_verify_resend_time: "3600"
+  smtp_host: "mxe965.netcup.net"
+  smtp_security: "starttls"
+  smtp_port: "587"
+  smtp_from: "noreply@borninpain.de"
+  smtp_from_name: "Vaultwarden"
+  smtp_timeout: "15"
+  smtp_embed_images: "true"
+  smtp_accept_invalid_certs: "false"
+  smtp_accept_invalid_hostnames: "false"
+  TRASH_AUTO_DELETE_DAYS: ""
+  use_sendmail: "false"
+  WEB_VAULT_ENABLED: "true"
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: vaultwarden
+    app.kubernetes.io/instance: vaultwarden
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: vaultwarden
+    app.kubernetes.io/version: 1.33.2
+    helm.sh/chart: vaultwarden-0.31.8
+  name: vaultwarden
+  namespace: vaultwarden
\ No newline at end of file
diff --git a/vaultwarden/kustomization.yaml b/vaultwarden/kustomization.yaml
index c2b3a57..cc32469 100644
--- a/vaultwarden/kustomization.yaml
+++ b/vaultwarden/kustomization.yaml
@@ -3,5 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - cm.yaml
   - vaultwarden.yaml
   
\ No newline at end of file
diff --git a/vaultwarden/vaultwarden.yaml b/vaultwarden/vaultwarden.yaml
index f1619d3..1ac51bc 100644
--- a/vaultwarden/vaultwarden.yaml
+++ b/vaultwarden/vaultwarden.yaml
@@ -97,84 +97,6 @@ subjects:
   name: vaultwarden-svc
 ---
 apiVersion: v1
-data:
-  _enable_duo: "true"
-  _enable_email_2fa: "false"
-  _enable_smtp: "true"
-  _enable_yubico: "true"
-  ADMIN_RATELIMIT_MAX_BURST: "3"
-  ADMIN_RATELIMIT_SECONDS: "300"
-  admin_session_lifetime: "20"
-  authenticator_disable_time_drift: "false"
-  DATABASE_MAX_CONNS: "10"
-  DB_CONNECTION_RETRIES: "15"
-  disable_2fa_remember: "false"
-  disable_icon_download: "false"
-  DOMAIN: "https://vault.borninpain.de"
-  email_2fa_enforce_on_verified_invite": "false"
-  email_2fa_auto_fallback": "false"
-  email_attempts_limit": "3"
-  EMAIL_CHANGE_ALLOWED: "true"
-  email_expiration_time": "600"
-  email_token_size": "6"
-  EMERGENCY_ACCESS_ALLOWED: "true"
-  EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE: 0 3 * * * *
-  EMERGENCY_REQUEST_TIMEOUT_SCHEDULE: 0 7 * * * *
-  EXTENDED_LOGGING: "true"
-  http_request_block_non_global_ips: "true"
-  ICON_BLACKLIST_NON_GLOBAL_IPS: "true"
-  icon_cache_ttl: "2592000"
-  icon_cache_negttl: "259200"
-  icon_download_timeout: "10"
-  ICON_REDIRECT_CODE: "302"
-  ICON_SERVICE: internal
-  incomplete_2fa_time_limit: "3"
-  increase_note_size_limit: "false"
-  INVITATION_EXPIRATION_HOURS: "120"
-  INVITATION_ORG_NAME: Vaultwarden
-  INVITATIONS_ALLOWED: "true"
-  IP_HEADER: X-Real-IP
-  LOG_TIMESTAMP_FORMAT: '%Y-%m-%d %H:%M:%S.%3f'
-  ORG_EVENTS_ENABLED: "false"
-  ORG_GROUPS_ENABLED: "false"
-  password_hints_allowed: "true"
-  password_iterations: "600000"
-  reload_templates: "false"
-  REQUIRE_DEVICE_EMAIL: "false"
-  ROCKET_ADDRESS: 0.0.0.0
-  ROCKET_PORT: "8080"
-  ROCKET_WORKERS: "10"
-  SENDS_ALLOWED: "true"
-  SHOW_PASSWORD_HINT: "false"
-  SIGNUPS_ALLOWED: "true"
-  SIGNUPS_VERIFY: "true"
-  signups_verify_resend_limit: "6"
-  signups_verify_resend_time: "3600"
-  smtp_host: "mxe965.netcup.net"
-  smtp_security: "starttls"
-  smtp_port: "587"
-  smtp_from: "noreply@borninpain.de"
-  smtp_from_name: "Vaultwarden"
-  smtp_timeout: "15"
-  smtp_embed_images: "true"
-  smtp_accept_invalid_certs: "false"
-  smtp_accept_invalid_hostnames: "false"
-  TRASH_AUTO_DELETE_DAYS: ""
-  use_sendmail: "false"
-  WEB_VAULT_ENABLED: "true"
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/component: vaultwarden
-    app.kubernetes.io/instance: vaultwarden
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: vaultwarden
-    app.kubernetes.io/version: 1.33.2
-    helm.sh/chart: vaultwarden-0.31.8
-  name: vaultwarden
-  namespace: vaultwarden
----
-apiVersion: v1
 kind: Service
 metadata:
   labels: