diff --git a/inventories/production/group_vars/all.yml b/inventories/production/group_vars/all.yml index ec6c028..4f384a7 100644 --- a/inventories/production/group_vars/all.yml +++ b/inventories/production/group_vars/all.yml @@ -319,6 +319,15 @@ secret_synapse_db_pass: !vault | 3663623537333161630a616263656362633461366462613366323262363734353233373330393932 36653333643632313139396631633962386533323330346639363736353863313763 +# For Vaultwarden +secret_vaultwarden_db_pass: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 61396131623266353764386535373334653337353337326464353636343863643733663333333531 + 6664376235396139616466646462623666663164323461610a336566396135343431356332626337 + 32373535343266613565313531653061316438313332333261353435366661353437663361346434 + 3536306466306362340a313563333065383733373834393131306661383932643565373161356162 + 33643434396436343037656339343336653637356233313034356632626538616366 + # For home media stuff secret_transmission_user_pass: !vault | $ANSIBLE_VAULT;1.1;AES256 diff --git a/playbooks/local_dns.yml b/playbooks/local_dns.yml index 40a8c1a..aa2dab8 100755 --- a/playbooks/local_dns.yml +++ b/playbooks/local_dns.yml @@ -104,6 +104,8 @@ value: vm-general-1.ashburn.mgmt.desu.ltd - record: netbox.desu.ltd value: vm-general-1.ashburn.mgmt.desu.ltd + - record: vault.desu.ltd + value: vm-general-1.ashburn.mgmt.desu.ltd # Local - record: homeauto.local.desu.ltd value: pi-homeauto-1.home.mgmt.desu.ltd diff --git a/playbooks/prod_db.yml b/playbooks/prod_db.yml index 334a35c..67057bc 100755 --- a/playbooks/prod_db.yml +++ b/playbooks/prod_db.yml @@ -41,6 +41,8 @@ password: "{{ secret_pleroma_9iron_db_pass }}" - name: synapse-desultd password: "{{ secret_synapse_db_pass }}" + - name: vaultwarden-desultd + password: "{{ secret_vaultwarden_db_pass }}" postgresql_databases: - name: ara-desultd owner: ara-desultd 
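Review bot: `secret_vaultwarden_db_pass` is defined in `inventories/production/group_vars/all.yml`, so every host in the production inventory carries the password manager's database credential in its variables, while the only visible consumer is the `postgresql_users` entry in `playbooks/prod_db.yml`. The neighbouring secrets follow the same layout, so this is not new with this commit, but moving the variable into the group_vars of the groups that actually run the database and the container would limit where it is available. The `$ANSIBLE_VAULT;1.1;AES256` header carries no vault-id label, so the value is presumably encrypted under the same vault password as the rest of the file; a dedicated vault id for this credential is worth considering, given what the service stores.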
@@ -60,4 +62,6 @@
 lc_collate: C
 lc_ctype: C
 owner: synapse-desultd
+ - name: vaultwarden-desultd
+ owner: vaultwarden-desultd
 tags: [ db, psql ]
diff --git a/playbooks/prod_web.yml b/playbooks/prod_web.yml
index 66b4295..c3a3129 100755
--- a/playbooks/prod_web.yml
+++ b/playbooks/prod_web.yml
@@ -6,7 +6,6 @@
 gather_facts: no
 module_defaults:
 docker_container:
- state: started
 restart_policy: unless-stopped
 pull: yes
 pre_tasks:
@@ -19,6 +18,7 @@
 with_items:
 - app/gitlab-runner.yml
 - app/redis.yml
+ - app/vaultwarden.yml
 - web/9iron.yml
 - web/ara.yml
 - web/desultd.yml
@@ -259,6 +259,8 @@
 try_files $uri $uri/ =404;
 - name: netbox.desu.ltd
 proxy_pass: http://netbox:8080
+ - name: vault.desu.ltd
+ proxy_pass: http://vaultwarden:80
 # 9iron
 - name: www.9iron.club
 directives:
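Review bot: The included `app/vaultwarden.yml` is not part of the visible diff, so the container settings that decide this service's exposure cannot be checked from the `- app/vaultwarden.yml` line added here. Vaultwarden accepts new registrations by default, so that task file should set `SIGNUPS_ALLOWED` to `"false"` (or restrict signups by domain) before the vhost goes live. It should also pass `secret_vaultwarden_db_pass` to the container in a task marked `no_log: true`, so the database URL does not land in task output. A comment on the include such as `# needs the vaultwarden-desultd database from prod_db.yml` would record the cross-playbook ordering. The `with_items` list continues outside the hunk.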
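Review bot: The `vault.desu.ltd` entry is a bare `proxy_pass: http://vaultwarden:80` with no `directives`, so everything the upstream serves is published under that name, including Vaultwarden's `/admin` panel if `ADMIN_TOKEN` is set in the container config (not visible here). Consider restricting `/admin` to the management network at the proxy, or leaving the admin panel disabled. How TLS is applied to this server block is not shown in the hunk; the web vault only works in a browser over HTTPS, so confirm the template terminates TLS for this name. The vhost list starts and ends outside the hunk.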