diff --git a/deployments/bitwarden/namespace.yaml b/deployments/bitwarden/namespace.yaml
deleted file mode 100644
index 5b441a5..0000000
--- a/deployments/bitwarden/namespace.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: security
-  labels:
-    app.kubernetes.io/name: bitwarden
-    app.kubernetes.io/managed-by: orion
diff --git a/deployments/bitwarden/deployment.yaml b/deployments/security/bitwarden/deployment.yaml
similarity index 71%
rename from deployments/bitwarden/deployment.yaml
rename to deployments/security/bitwarden/deployment.yaml
index 3931fe2..8948311 100644
--- a/deployments/bitwarden/deployment.yaml
+++ b/deployments/security/bitwarden/deployment.yaml
@@ -21,19 +21,17 @@ spec:
           ports:
             - containerPort: 80
           env:
-            - name: WEBSOCKET_ENABLED
+            - name: BW_ADMIN_DOMAIN
+              value: bitwarden.khalisio.com
+            - name: WEBSOCKETS_ENABLED
               value: "true"
             - name: SIGNUPS_ALLOWED
               value: "true"
-            - name: ADMIN_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-secret
-                  key: admin-token
-            - name: DB_CERT_FORMAT
-              value: "pem"
-            - name: SIGNUP_ORIGINS
-              value: "https://bitwarden.khalisio.com"
+            - name: DOMAIN
+              value: https://bitwarden.khalisio.com
+          envFrom:
+            - secretRef:
+                name: bitwarden-secret
           volumeMounts:
             - name: bitwarden-data
               mountPath: /data
diff --git a/deployments/bitwarden/ingress.yaml b/deployments/security/bitwarden/ingress.yaml
similarity index 75%
rename from deployments/bitwarden/ingress.yaml
rename to deployments/security/bitwarden/ingress.yaml
index 1976d66..3609fd5 100644
--- a/deployments/bitwarden/ingress.yaml
+++ b/deployments/security/bitwarden/ingress.yaml
@@ -4,18 +4,15 @@ metadata:
   name: bitwarden
   namespace: security
   annotations:
-    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-prod
 spec:
   entryPoints:
     - websecure
+  tls:
+    secretName: bitwarden-tls
   routes:
     - match: Host(`bitwarden.khalisio.com`)
       kind: Rule
       services:
         - name: bitwarden
           port: 80
-  tls:
-    secretName: bitwarden-tls
-    options:
-      name: default
-      kind: ClusterEntrypoint
diff --git a/deployments/bitwarden/pvc.yaml b/deployments/security/bitwarden/pvc.yaml
similarity index 100%
rename from deployments/bitwarden/pvc.yaml
rename to deployments/security/bitwarden/pvc.yaml
diff --git a/deployments/bitwarden/service.yaml b/deployments/security/bitwarden/service.yaml
similarity index 71%
rename from deployments/bitwarden/service.yaml
rename to deployments/security/bitwarden/service.yaml
index 7e07252..02bdb48 100644
--- a/deployments/bitwarden/service.yaml
+++ b/deployments/security/bitwarden/service.yaml
@@ -3,13 +3,11 @@ kind: Service
 metadata:
   name: bitwarden
   namespace: security
-  labels:
-    app: bitwarden
 spec:
-  type: ClusterIP
-  ports:
-    - port: 80
-      targetPort: 80
-      protocol: TCP
   selector:
     app: bitwarden
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+  type: ClusterIP
diff --git a/deployments/security/namespace.yaml b/deployments/security/namespace.yaml
new file mode 100644
index 0000000..79b33f3
--- /dev/null
+++ b/deployments/security/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: security
+  labels:
+    name: security
\ No newline at end of file