diff --git a/argo/apps/values.yaml b/argo/apps/values.yaml
index 182f4e9..3367b44 100644
--- a/argo/apps/values.yaml
+++ b/argo/apps/values.yaml
@@ -60,8 +60,8 @@ helmApps:
 repoURL: https://k8s-at-home.com/charts/
 chart: wallabag
 revision: 7.1.2
- - app: lemmy
- namespace: lemmy
- repoURL: https://ananace.gitlab.io/charts
- chart: lemmy
- revision: 0.4.1
+ # - app: lemmy
+ # namespace: lemmy
+ # repoURL: https://ananace.gitlab.io/charts
+ # chart: lemmy
+ # revision: 0.4.1
diff --git a/scripts/lemmy-vault.sh b/scripts/lemmy-vault.sh
new file mode 100755
index 0000000..207b4e4
--- /dev/null
+++ b/scripts/lemmy-vault.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+VAULT_AUTH_NAMESPACE=k8s-teapot
+cat << EOH > lemmy.hcl
+path "kv/data/lemmy" {
+ capabilities = ["read"]
+}
+EOH
+vault policy write lemmy lemmy.hcl
+rm lemmy.hcl
+
+HOST_IP=$(ip addr show eth0 | grep -Po 'inet \K[\d.]+')
+TOKEN="$(kubectl get secret serviceaccounttoken -n lemmy -o go-template='{{ .data.token }}' | base64 -d)"
+
+vault write auth/${VAULT_AUTH_NAMESPACE}/role/lemmy \
+ bound_service_account_names=lemmy \
+ bound_service_account_namespaces=lemmy \
+ policies=lemmy \
+ ttl=24h
+
+vault write auth/${VAULT_AUTH_NAMESPACE}/login role=lemmy jwt=${TOKEN} iss=https://${HOST_IP}:6443
+
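Review bot: The service-account JWT is handed to Vault as a command-line argument in the final `vault write … login` line of scripts/lemmy-vault.sh, so it is readable from the process list while the command runs, and `${TOKEN}` is expanded unquoted; the Vault CLI reads a value from stdin when given `-`, so `printf '%s' "$TOKEN" | vault write "auth/${VAULT_AUTH_NAMESPACE}/login" role=lemmy jwt=-` keeps it off argv. The script also has no `set -euo pipefail` after the shebang, so a failed `kubectl get secret` or `vault policy write` does not stop it and the role and login writes still run with an empty or stale TOKEN. That login call prints the issued Vault client token to stdout, so its output should be redirected or discarded wherever the script's output is logged. The `iss=` argument does not appear to be a parameter of the Kubernetes auth login endpoint (the issuer is normally set on the auth mount's config), so it is worth confirming that it is not being silently ignored.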