diff --git a/charts/vaultwarden/charts/vaultwarden/templates/statefulset.yaml b/charts/vaultwarden/charts/vaultwarden/templates/statefulset.yaml
index f6e1a39..8e017be 100644
--- a/charts/vaultwarden/charts/vaultwarden/templates/statefulset.yaml
+++ b/charts/vaultwarden/charts/vaultwarden/templates/statefulset.yaml
@@ -47,6 +47,10 @@ spec:
 tolerations:
 {{- toYaml .Values.tolerations | nindent 8 }}
 {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.runAsUser }}
+ runAsGroup: {{ .Values.runAsUser }}
+ fsGroup: {{ .Values.runAsUser }}
 {{- if .Values.initContainers }}
 initContainers:
 {{- toYaml .Values.initContainers | nindent 8 }}
@@ -58,6 +62,8 @@ spec:
 envFrom:
 - configMapRef:
 name: {{ include "vaultwarden.fullname" . }}
+ securityContext:
+ allowPrivilegeEscalation: false
 env:
 {{- if or (.Values.smtp.username.value) (.Values.smtp.username.existingSecretKey )}}
 - name: SMTP_USERNAME
diff --git a/charts/vaultwarden/charts/vaultwarden/values.yaml b/charts/vaultwarden/charts/vaultwarden/values.yaml
index 4eab242..50fbfeb 100644
--- a/charts/vaultwarden/charts/vaultwarden/values.yaml
+++ b/charts/vaultwarden/charts/vaultwarden/values.yaml
@@ -118,6 +118,15 @@ serviceAccount:
 name: "vaultwarden-svc"
+## @param runAsUser user ID for VaultWarden and backup run with
+##
+runAsUser: 1100
+
+## @param runAsGroup group ID for VaultWarden and backup run with
+## Same as default user for vaultwarden-backup
+runAsGroup: 1100
+
+
 ## @section Exposure Parameters
 ##
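Review bot: The pod-level `securityContext` in statefulset.yaml renders both `runAsGroup` and `fsGroup` from `.Values.runAsUser`, so the `runAsGroup: 1100` value this same commit adds in the values.yaml hunk is never read and overriding it has no effect. Use `runAsGroup: {{ .Values.runAsGroup }}` and `fsGroup: {{ .Values.runAsGroup }}`, or drop the unused value and its `@param` comment. The block is also emitted unconditionally, so a release that nulls `runAsUser` renders empty fields; adding `runAsNonRoot: true` would make a root UID fail at container start instead of depending on the default staying non-zero. The pod spec starts and ends outside the hunk.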
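Review bot: The container-level `securityContext` added after `envFrom` sets only `allowPrivilegeEscalation: false`, so the container keeps the runtime's default capability set and no seccomp profile is requested here. Consider adding `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` beside it; if the server is configured to listen on a port below 1024, that may need `NET_BIND_SERVICE` added back or a higher port. Containers passed in through `.Values.initContainers` are rendered with `toYaml` and do not receive this container-level setting, only the pod-level IDs. The container spec starts and ends outside the hunk.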
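Review bot: The new defaults in values.yaml move every existing release to UID/GID 1100 on upgrade, and the `@param` comments do not mention it. Data already written to the volume under another UID may stop being writable on volume types where `fsGroup` ownership changes are not applied (presumably this StatefulSet mounts a data volume; it is not visible here). A line such as `## Changing this on an existing release may require fixing ownership of the data volume` would cover it. The description itself could read `## @param runAsUser User ID the vaultwarden and backup containers run as`.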