Vaultwarden was retired in May 2026 and CT104 was destroyed. The instance previously at vault.edmd.me no longer exists; the LXC, Docker container, all backups, RSA signing keys, and admin token have been removed from infrastructure.

The decision to retire was operational: the additional credential-management surface area wasn’t pulling its weight against the simpler pattern of per-service secrets.env files + a master inventory at ~/Sync/ED/SECRETS.md (chmod 600, not in git).

Current credential pattern

• Master inventory + rotation runbook: ~/Sync/ED/SECRETS.md — every known credential, consumer map, rotation steps.
• Per-service secrets on CT100: /opt/<service>/secrets.env, owner root, mode 0600, referenced from docker-compose.yml via env_file:. Not committed (.gitignore blocks it in homelab-config).
• *API keys for arr apps: extracted at runtime from each container’s /config/config.xml — never hardcoded. See ~/scripts/arr-briefing-data.py for the canonical extraction.
• Mac-local credentials in ~/.config/: anthropic-api-key, gotify-token, openai-api-key, etc. — chmod 600.

If you came here looking for…

• A password manager → use macOS Keychain, the Bitwarden cloud service, or 1Password depending on the surface.
• A specific credential previously stored in Vaultwarden → check ~/Sync/ED/SECRETS.md.
• How to rotate something → ~/Sync/ED/SECRETS.md has per-credential steps. SKILL: secrets-vault.

See also: Secrets vault SKILL (internal ~/Sync/ED/skills/secrets-vault/SKILL.md).