diff --git a/readme.md b/readme.md
index 4b414c5..c302031 100644
--- a/readme.md
+++ b/readme.md
@@ -104,6 +104,14 @@ networks:
     name: home
 ````
 
+### SQLite3
+
+Vaultwarden stores data in a sqlite database. To view data sqlite3 should be installed.
+
+````
+sudo apt install sqlite3
+````
+
 ## Components and structure
 
 The root's docker-compose is used to install common components like databases and traefik.
@@ -136,7 +144,7 @@ Subdirectories are used to structure and keep components independent. You have t
 - nextcloud-fpm
 - nginx
 
-### Security
+### Vault
 
 - vaultwarden
 
diff --git a/security/docker-compose.yaml b/security/docker-compose.yaml
deleted file mode 100644
index 6b4f2eb..0000000
--- a/security/docker-compose.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-version: "3.9"
-
-networks:
-  proxy:
-    external: true
-  internal:
-    external: true
-
-volumes:
-  vault:
-    name: vault
-
-services:
-  vaultwarden:
-    image: vaultwarden/server
-    restart: unless-stopped
-    container_name: vaultwarden
-    volumes:
-      - vault:/data
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.vaultwarden.entrypoints=web"
-      - "traefik.http.routers.vaultwarden.rule=Host(`vault.lan`)"
-      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
-    networks:
-      - internal
-      - proxy
diff --git a/vault/docker-compose.yaml b/vault/docker-compose.yaml
new file mode 100644
index 0000000..fbfadef
--- /dev/null
+++ b/vault/docker-compose.yaml
@@ -0,0 +1,35 @@
+version: "3.9"
+
+networks:
+  proxy:
+    external: true
+  internal:
+    external: true
+
+volumes:
+  vault:
+    name: vault
+
+services:
+  vaultwarden:
+    image: vaultwarden/server
+    restart: unless-stopped
+    container_name: vaultwarden
+    volumes:
+      - vault:/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vault.entrypoints=web"
+      - "traefik.http.routers.vault.rule=Host(`cs-vault.ddnss.de`)"
+      - "traefik.http.routers.vault.middlewares=vault"
+      - "traefik.http.middlewares.vault.redirectscheme.scheme=https"
+      - "traefik.http.routers.vault-secure.entrypoints=websecure"
+      - "traefik.http.routers.vault-secure.rule=Host(`cs-vault.ddnss.de`)"
+      - "traefik.http.routers.vault-secure.service=vault-secure"
+      - "traefik.http.routers.vault-secure.tls=true"
+      - "traefik.http.routers.vault-secure.tls.certresolver=myresolver"
+      - "traefik.http.routers.vault-secure.tls.domains[0].main=cs-vault.ddnss.de"
+      - "traefik.http.services.vault-secure.loadbalancer.server.port=80"
+    networks:
+      - internal
+      - proxy