diff --git a/hosts/bekkalokk/services/vaultwarden.nix b/hosts/bekkalokk/services/vaultwarden.nix
index 942589b..028b710 100644
--- a/hosts/bekkalokk/services/vaultwarden.nix
+++ b/hosts/bekkalokk/services/vaultwarden.nix
@@ -6,11 +6,6 @@ let
   port = 3011;
   wsPort = 3012;
 in {
-  sops.secrets."vaultwarden/environ" = {
-    owner = "vaultwarden";
-    group = "vaultwarden";
-    mode = "440";
-  };
   sops.secrets."vaultwarden/rsa_key.pem" = {
     owner = "vaultwarden";
     group = "vaultwarden";
@@ -21,11 +16,22 @@ in {
     group = "vaultwarden";
     mode = "440";
   };
+  sops.secrets."vaultwarden/env/DATABASE_PASSWORD" = { };
+  sops.secrets."vaultwarden/env/SMTP_PASSWORD" = { };
+  sops.templates."vaultwarden/environment_file" = {
+    owner = "vaultwarden";
+    group = "vaultwarden";
+    mode = "440";
+    content = ''
+        DATABASE_URL=postgresql://vaultwarden:${config.sops.placeholder."vaultwarden/env/DATABASE_PASSWORD"}@postgres.pvv.ntnu.no/vaultwarden
+        SMTP_PASSWORD=${config.sops.placeholder."vaultwarden/env/SMTP_PASSWORD"}
+    '';
+  };
 
   services.vaultwarden = {
     enable = true;
     dbBackend = "postgresql";
-    environmentFile = config.sops.secrets."vaultwarden/environ".path;
+    environmentFile = config.sops.templates."vaultwarden/environment_file".path;
     config = {
       DOMAIN = "https://${domain}";
 
@@ -49,10 +55,6 @@ in {
       SMTP_AUTH_MECHANISM = "Login";
 
       RSA_KEY_FILENAME = lib.removeSuffix ".pem" config.sops.secrets."vaultwarden/rsa_key.pem".path;
-
-      # Configured in environ:
-      # DATABASE_URL = "postgresql://vaultwarden@/vaultwarden";
-      # SMTP_PASSWORD = hemli
     };
   };
 
diff --git a/secrets/bekkalokk/bekkalokk.yaml b/secrets/bekkalokk/bekkalokk.yaml
index 61a3800..61e38e6 100644
--- a/secrets/bekkalokk/bekkalokk.yaml
+++ b/secrets/bekkalokk/bekkalokk.yaml
@@ -32,7 +32,9 @@ nettsiden:
         cookie_salt: ENC[AES256_GCM,data:VmODSLOP1YDBrpHdk/49qx9BS+aveEYDQ1D24d4zCi06kZsCENCr+vdPAnTeM1pw98RTr3yZAEQTh4s90b6v8Q==,iv:vRClu6neyYPFdtD63kjnvK2iNOIHMbh+9qEGph7CI60=,tag:66fgppVxY0egs4+9XfDBPA==,type:str]
         admin_password: ENC[AES256_GCM,data:SADr/zN3F0tW339kSK1nD9Pb38rw7hz8,iv:s5jgl1djXd5JKwx1WG/w2Q4STMMpjJP91qxOwAoNcL0=,tag:N8bKnO9N0ei06HDkSGt6XQ==,type:str]
 vaultwarden:
-    environ: ENC[AES256_GCM,data:CST5I8x8qAkrTy/wbMLL6aFSPDPIU7aWsD1L1MnIATRmk7fcUhfTSFds7quJmIpb2znsIT/WxNI/V/7UW+9ZdPKI64hfPR8MtvrJcbOhU5Fe2IiytFymFbhcOgWAXjbGzs7knQmpfMxSl98sU71oLkRuFdkousdnh4VQFZhUCYM=,iv:Is6xQ7DGdcAQgrrXCS9NbJk67O2uR82rbKOXBTzZHWw=,tag:XVEjCEM5t8qJl6jL89zrkw==,type:str]
+    env:
+        DATABASE_PASSWORD: ENC[AES256_GCM,data:uSaQuyx4yn1QfUABWpEjf8x97Imh6A==,iv:pukLl3k8X+ITRZ4bZfOPjsWKCHjVCo8Zd6qEHRERAYc=,tag:4y03dQbEhS+mTXUhzt54bA==,type:str]
+        SMTP_PASSWORD: ENC[AES256_GCM,data:Nr+4wZSvq6KjfzB169v4ojvWHa25Aw==,iv:HM4VYLUCI0HaBT8cDzusYA+49LpuJeg7v/Pz4nfulmM=,tag:T4TkDt+NdWnqbCDaRUERJw==,type:str]
     rsa_key.pem: ENC[AES256_GCM,data:bYZzFj2ImB0jfiIP9N9V+nk1ROjql4PEuDcJIhVV96BeE++Kq+DGORrnfCyJaubNlqT7+nlMGN/D6bfzwKWivuXDd7T5s6wXplk480anOrFU4cJ9NYXHJjoT8Cn+jKSb7JEWO42cVwraB+qGWFZevOrRtdBM328ffOH4IDqVYgIonnM+pHe7oGglg2Xc97x3GQ46ODWKFZsAqU3ZZv+4SGJXJJorPv+cOIoVvXpqec7TuD2MnfdXvLQEl6o/zsGuV/yQkbJus/BqKUUR+RZ9i/0xuzCd/hJS9yFbHHBj82fDh6+D4TG+1PM+dVRSolkkxhcBvvBJtUPqRewTe5cNO9wZP1ocf9GNmXMbvopaNdAxh6uPJNH1Z6aZ+kLShF5ddE4FuKSvucEPgUdscZw01LeJIehZ7uzHCC99jmojU8rlsWFPvJqUfp0xAZDFDJgCIGt6AbKwBCCeFGuvqYT6w5GQ8uT8OQVBmRxUCZuplcDTUMsBXDxa/Q/5Q/O2zIev7jw7Rm0cJ23ovllu40VvLD+Xu/uQVYzivOOHkvUhQkjVkfbk073ZjrhlIMO3BOuA7PDKUsMBz3UVndtrYU+OOtCI0CoCVVP/K/CamNBGGHdvBoQ13bVn04OgdgJYgz04gP6MqFkr8AWoPFHVZe8+Z/tlW5DtV6SRoUfGFlnROWhiBVZpNuUj/ef1gUY1OoFuqY4GRc3nkC/Fwxi81+lSbAQ2ZdtqroJxquoVJhoUWuSonNDBtOYU0yczvF70R84AFzWKh1eJ7hr2iwcMJPSkhTzTm7LTrr0mQqU8qMxUz4pa0yxOZW0UkC2koz6jKdYlwXHMjjyiUZqfc2y9DrRF6Sa/NUPTrzIvikYk9yr3thnh4VtcsYdqvwlsnkbM/HtGvcmmtZjT4npLyD5t/7tUOs453Ntoo1BOto7+X+0IrFs9yHheBOqfj8dA1M2am0cjrS9LyaSnqBREgBFWVJdpSB0aDdh0M8vmpCBcdrzGPLCUXhNWihiZFEVh1ZrwzXWndRtqmhFLFfXmnEAhtEQL6l/GuA5WEYPHIThq+33BDhXAUB5oBcQQSI8TGPWw0IkOci8Q+SlUd81h2JtAmek/L+1kGZwmyolg1iA9c0LVxapM9cpSNVnmON/O2q3tFisQS82/ysKnNggeyD/ByY0dGMUZILAeONBqm41UcVGoAP5N5KE6Cb7FlppBRitn4QejVvLExPtK8NwQl503Yjq+yBTjSjhuZbB2mQaFgJeKhXrm34I3ZMKKm58j+NAGVJTi7RPzSfTW3kvPvtfm8GvM+vuOOxvNzdid8jR241pQl35d6hOYS3wvbkDVmkvbcjTJBPslvq6pGmAVPyHLHshgyTvvTweX1yodoV+4Z3dtrBb9wZKADT6VfTmEo4RXNjIoZFQrTJTdBeVQbgxejySKHAy2G0/8ZipvToj7zRULSOHh6yS4no8b7U7ZY9tEdxs8uxhDob0nkGy7VQUGG8YNXuwGsjLjVsTiawXiWnqdxeFLuTkKEvtMEEmDUfIRErY2juZbra4AKKWdjegc4ayW1ZyUq5i12eRdnpNbdXBQBtBjagvo3A29bse1TMV3Hww+B7oZ0wsHFD72byD159DdEqnLYlxzRjXns3E2qX8f5xvIUFkBIFNDqkKVaq9wqCrmS0vpbHvuiEJDwyr+nu32nWYT9M+RO41Ri/W63juukd/wf75QKVNNjV5WVrJaN2lgr1+3ux0LE5qs01nZZKqv0jzk4P2SnrPJLMq9NbEgXgKjmwqABnQm8KkeHpPQ8ns4JAY7L5pV6faf1rKWQnE71t9qpKSNMlOgtcv2Jd+5HZuUYbYw5SdDYmwsd+OT0cVu0jURz22k/OmT9GY09SnYpvgHrXLNjvEtY0Tr2vpX1SL5qTx6MWDs/nr47+t/DUEMC/JmUrIOE3OSZXpS9AO4BsBmTV0DF5SlvYBDnHAqkHuJbzRdQ1FjGg/wZLFDmIUy3F7m7bGB+5NX+1ZO1BmG2f0ICpHiR1SGnaK81mY3gmfUD8al7gmmKmAltfvw2kP+Z+Hv2d+XGqVk2csRlfq9e5wu0jFKgcGIs4NuA71V0oKfwL7a3gN0Drd270frH1lYzET0NRSQkqw4oeTt0y4my5TvYGmLEHE05IORdrmHUkHefUtomTEB6YQYY+wLyxVBo6z6MFLN7eCe1HtxjUBp8LFxTT+2l7IusDgIs+6I05Krrrz5GHgNHdMBhw==,iv:CtmysYvEFew/839Gj+vZEDoqu6TvrZ9bUIg9GwejIX0=,tag:CnTEOKLYDsVGRVrQDwfFKQ==,type:str]
     rsa_key.pub.pem: ENC[AES256_GCM,data:B/2SQrEQ4zRie6A89jneHl5tXfHraYzVEBshY+IrRoufI9YpQw16VjGgrNVCpaG5+PSsCNjz8lXM33oQwg7HU1IWHmvrZdEgkguYv722Ngdb4D8IKHL1nsL9/gkVQFFFvty9ru3LDTfrFKF3cLX+6eIQMFk5W+qLuVO5Pbxh3LKWmN7zG8XHa/b+tvMQclHrtY2iomIThyxKi8w03uE1Fs6V80hyuMA/3TdIz9nUwl5WpiGxaelwaJyts2b5KoBzJ0zZbdR4IHCTYYqBkdjo8929M/gfPS6ZqZS2FPDReoWiujJSAyyoC9xZxglUk/g7vU/8CVwcrtVzn5DEbUot/om98p/1Hq/1Hk4zli49Ysy8nbPhlshZeH5RNSQIDkY6wT7TYD5m3QXjXV+siH7ClKAfri2zp4S4k9uEXvL27NTPqvoXKIUpSEl1b0A/ApQt761PODEMtEXx2PmlRKhg9T9cvLRNYbJavg3FMNivZ+2oQNZXeJZWUEjtqsEoPBAbEHklMtKJiQiThtIPHL3eEdTAhOVhjxBGYU2Kase2hU7g2YvgC3+8u48OarXZbZYgcJkoCHrm+hocYm5DZJ64rxURZQ==,iv:6x0vx8tiGOsQxHsp+qO+nvdUmqNKWINdFO1wXOnORVo=,tag:zuPNh7IfEG/c4lsFVNRYog==,type:str]
 bluemap:
@@ -103,8 +105,8 @@ sops:
             29mxere0efSSGGq8y9YrPC8UX5hZRfqg/dfbL+PFc4NHfbxB/oSzQw==
             -----END AGE ENCRYPTED FILE-----
           recipient: age1sqs7urnzsdy64efmd0zukzv3gs5pnjksuxd7nqmdwdy5l0nqnunq6hyune
-    lastmodified: "2026-05-22T08:49:15Z"
-    mac: ENC[AES256_GCM,data:T1+v+gStEkof43WJKM1gHQUlt1T9ank7R8Mrq7LI9TIvh0C8M753T74bZnwj0sTJV5byJOficZzl+ZIJ5jhfR8LvSCrXIrMdYWFa5qMsPLsNBTlAq1p9kj16w8502FtlJI3VYxZwTTTizul/4+DSh4dFODb/KyzgLzxrJDbB3bM=,iv:c/OYP1RZJdSMGKt3FC1MwsnbHgnT8Vu3CL7mYIy4KtU=,tag:0+MIkTtCoUR7hKC+BXi7LA==,type:str]
+    lastmodified: "2026-05-22T08:58:19Z"
+    mac: ENC[AES256_GCM,data:EYU8RCXRMdQn+yLB0iWBw7JULZya3PqkScAFtlP0d0zTyud4MGVCTINtrn7EgboYONvEWgi4yRvJVHUDPArRA6WlHx/tx175DJbVq6sdnl0xsL0Y9dt18HbdEgDDyOxbCjTOjAV1WPINOmpVvyXMp4+cc0oU3g+2ANjiodkU+t4=,iv:wAi+m9VkKx1bCxz5kZyEgNQcPE9aa5f9TlaYEohnwu0=,tag:3ZtP78aCmyqW0A0zvgpUTw==,type:str]
     pgp:
         - created_at: "2026-01-16T06:34:44Z"
           enc: |-