diff --git a/deployments/bitwarden/deployment.yaml b/deployments/bitwarden/deployment.yaml
new file mode 100644
index 0000000..23447db
--- /dev/null
+++ b/deployments/bitwarden/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bitwarden
+  namespace: security
+  labels:
+    app: bitwarden
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bitwarden
+  template:
+    metadata:
+      labels:
+        app: bitwarden
+    spec:
+      containers:
+        - name: bitwarden
+          image: bitwarden/server:latest
+          ports:
+            - containerPort: 80
+              name: http
+          env:
+            - name: SIGNUPS_ALLOWED
+              value: "false"
+            - name: DATABASE_TYPE
+              value: sqlite
+            - name: DATABASE_FILE
+              value: /bitwarden/data/bitwarden.db
+            - name: WEB_VAULT_ENABLE
+              value: "true"
+            - name: API_ENABLED
+              value: "true"
+            - name: IDENTITY_ENABLED
+              value: "true"
+          volumeMounts:
+            - name: bitwarden-data
+              mountPath: /bitwarden/data
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi
+      volumes:
+        - name: bitwarden-data
+          persistentVolumeClaim:
+            claimName: bitwarden-data
diff --git a/deployments/bitwarden/ingress.yaml b/deployments/bitwarden/ingress.yaml
new file mode 100644
index 0000000..dfa36e2
--- /dev/null
+++ b/deployments/bitwarden/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bitwarden
+  namespace: security
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - bitwarden.khalisio.com
+      secretName: bitwarden-tls
+  rules:
+    - host: bitwarden.khalisio.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: bitwarden
+                port:
+                  number: 80
diff --git a/deployments/bitwarden/pvc.yaml b/deployments/bitwarden/pvc.yaml
new file mode 100644
index 0000000..3cd2a15
--- /dev/null
+++ b/deployments/bitwarden/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: bitwarden-data
+  namespace: security
+  labels:
+    app: bitwarden
+spec:
+  accessModes: [ReadWriteOnce]
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 5Gi
diff --git a/deployments/bitwarden/service.yaml b/deployments/bitwarden/service.yaml
new file mode 100644
index 0000000..152af99
--- /dev/null
+++ b/deployments/bitwarden/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: bitwarden
+  namespace: security
+  labels:
+    app: bitwarden
+spec:
+  selector:
+    app: bitwarden
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
+      protocol: TCP
+  type: ClusterIP