diff --git a/services/bstein-dev-home/rbac.yaml b/services/bstein-dev-home/rbac.yaml
index a6fcd03..6717b45 100644
--- a/services/bstein-dev-home/rbac.yaml
+++ b/services/bstein-dev-home/rbac.yaml
@@ -27,3 +27,28 @@ subjects:
   - kind: ServiceAccount
     name: bstein-dev-home
     namespace: bstein-dev-home
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: bstein-dev-home-vaultwarden-admin-token-reader
+  namespace: vaultwarden
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+    resourceNames: ["vaultwarden-admin"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: bstein-dev-home-vaultwarden-admin-token-reader
+  namespace: vaultwarden
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: bstein-dev-home-vaultwarden-admin-token-reader
+subjects:
+  - kind: ServiceAccount
+    name: bstein-dev-home
+    namespace: bstein-dev-home