diff --git a/roles/vaultwarden/tasks/update.yml b/roles/vaultwarden/tasks/update.yml
index d5ddb34..aadb898 100644
--- a/roles/vaultwarden/tasks/update.yml
+++ b/roles/vaultwarden/tasks/update.yml
@@ -3,13 +3,16 @@
 path: "{{ vaultwarden_project_dir }}"
 state: directory
-- name: Template docker-compose.yaml to project directory
+- name: Template docker-compose.yaml & .env to project directory
 template:
- src: docker-compose.yaml
- dest: "{{ vaultwarden_project_dir }}/docker-compose.yaml"
+ src: "{{ item }}"
+ dest: "{{ vaultwarden_project_dir }}/{{ item }}"
 owner: "{{ ansible_env['USER'] }}"
 group: "{{ ansible_env['USER'] }}"
 mode: '640'
+ loop:
+ - docker-compose.yaml
+ - .env
 - name: "Create directory {{ volumes['vaultwarden_datadir'] }} with correct permissions"
 file:
diff --git a/roles/vaultwarden/templates/.env b/roles/vaultwarden/templates/.env
new file mode 100644
index 0000000..a6bf8df
--- /dev/null
+++ b/roles/vaultwarden/templates/.env
@@ -0,0 +1,2 @@
+ADMIN_TOKEN='{{ vaultwarden_secrets["admin_token_hash"] }}'
+SMTP_PASSWORD='{{ vaultwarden_secrets["smtp_password"] }}'
diff --git a/roles/vaultwarden/templates/docker-compose.yaml b/roles/vaultwarden/templates/docker-compose.yaml
index b43453c..deedff0 100644
--- a/roles/vaultwarden/templates/docker-compose.yaml
+++ b/roles/vaultwarden/templates/docker-compose.yaml
@@ -7,7 +7,13 @@ services:
 environment:
 - DOMAIN=https://vw.{{ domain }}
 - SIGNUPS_ALLOWED=false
- - ADMIN_TOKEN={{ vaultwarden_secrets['admin_token_hash'] | regex_replace('\$', '$$') }}
+ - ADMIN_TOKEN=${ADMIN_TOKEN}
+ - SMTP_HOST=mail.{{ domain }}
+ - SMTP_FROM=vaultwarden@{{ domain }}
+ - SMTP_PORT={{ ports['mailserver_smtps'] }}
+ - SMTP_SECURITY=force_tls
+ - SMTP_USERNAME={{ vaultwarden_secrets['smtp_username'] }}
+ - SMTP_PASSWORD=${SMTP_PASSWORD}
 ports:
 - 127.0.0.1:{{ ports['vaultwarden'] }}:80
 volumes:
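Review bot: The new `.env` loop item is written with the same `mode: '640'` as the compose file, which leaves the admin token hash and the SMTP password readable by the file's group. Splitting `.env` into its own `template` task with `mode: '600'` would tighten that. The task also emits the rendered template content when the play runs with `--diff`, so the secrets can end up in console or CI logs; `no_log: true` (or `diff: false`) on the task that writes `.env` avoids it. The task list starts before the hunk and continues after it.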
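Review bot: Both values are wrapped in single quotes without any escaping, so a secret that contains `'` would end the quoted value early and Compose would read a truncated or malformed variable. Single quotes are a sensible choice for keeping the `$` characters of the token hash literal, but embedded quotes should be escaped, for example `SMTP_PASSWORD='{{ vaultwarden_secrets["smtp_password"] | replace("'", "\\'") }}'`, assuming the Compose version in use accepts `\'` inside single-quoted env-file values. Alternatively the role could assert up front that neither secret contains a quote or a newline.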
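Review bot: `SMTP_USERNAME` is read from `vaultwarden_secrets` but rendered straight into docker-compose.yaml, so it gets neither the `.env` indirection used for the other two secrets nor the `$` to `$$` escaping the removed `ADMIN_TOKEN` line had. A `$` in the value would therefore be interpolated by Compose. For consistency, `- SMTP_USERNAME=${SMTP_USERNAME}` with a matching `SMTP_USERNAME='…'` line in the `.env` template would treat it the same way. The service definition starts before the hunk and continues after it.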