diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dc3f53d7..b157eea4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -141,23 +141,6 @@ variables: dependencies: [] extends: ".environments" image: "registry.souvap-univention.de/souvap/tooling/images/helm:latest" - secrets: - SMTP_PASSWORD: - vault: - engine: - name: "kv-v2" - path: "swp" - path: "accounts/brained/mail/relay@souvap-univention.de" - field: "password" - file: false - TURN_CREDENTIALS: - vault: - engine: - name: "kv-v2" - path: "swp" - path: "accounts/souvap-univention.de/develop/turn/secret" - field: "credentials" - file: false script: - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}" # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD diff --git a/README.md b/README.md index 55babe18..fd72cc6b 100644 --- a/README.md +++ b/README.md @@ -91,8 +91,6 @@ installation. | `DOMAIN` | `souvap.cloud` | External reachable domain | | `ISTIO_DOMAIN` | `istio.souvap.cloud` | External reachable domain for Istio Gateway | | `MASTER_PASSWORD` | `sovereign-workplace` | The password that seeds the autogenerated secrets | -| `SMTP_PASSWORD` | | Password for SMTP relay gateway | -| `TURN_CREDENTIALS` | | Credentials for coturn server | Please ensure that you set the DNS records pointing to the loadbalancer/IP for `DOMAIN` and `ISTIO_DOMAIN`. 
@@ -306,6 +304,35 @@ actual scalability of the components (see column `Scaling (verified)`). | XWiki | `replicas.xwiki` | :white_check_mark: | :gear: | +### Mail/SMTP configuration + +To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from +the whole subdomain. + +```yaml +smtp: + host: # your SMTP host or IP-address + username: # username/email for authentication + password: # password for authentication, or via environment variable SMTP_PASSWORD +``` + +### TURN configuration + +Some components (Jitsi, Element) use for direct communication a TURN server. +You can configure your own TURN server with these options: + +```yaml +turn: + transport: # "udp" or "tcp" + credentials: # turn credential string + server: # configuration for unsecure connections + host: # your TURN host or IP-address + port: # server port + tls: # configuration for secure connections + host: # your TURN host or IP-address + port: # server port +``` + ## Security This list gives you an overview of default security settings and if they comply with security standards: diff --git a/helmfile/environments/default/smtp.gotmpl b/helmfile/environments/default/smtp.gotmpl index 3b528274..467587ac 100644 --- a/helmfile/environments/default/smtp.gotmpl +++ b/helmfile/environments/default/smtp.gotmpl @@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0 */}} --- smtp: - host: "mail.brained.io" - username: "relay@souvap-univention.de" + host: "" + username: "" password: "{{ env "SMTP_PASSWORD" }}" ...
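Review bot: In `helmfile/environments/default/smtp.gotmpl`, `host` and `username` now default to `""` and `password` still comes from `env "SMTP_PASSWORD"`, so an installation that sets none of them renders an SMTP block with empty host and credentials instead of failing early (helmfile's `env` yields an empty string for an unset variable). A comment above `smtp:` would make the contract visible, for example `# No defaults: set host and username in your environment values; supply the password via SMTP_PASSWORD.` If mail is meant to be mandatory, `requiredEnv "SMTP_PASSWORD"` would abort the render, but that would conflict with the README text in this commit that also allows setting `smtp.password` in a values file, so it needs a decision first. This commit also removes the Vault-backed `secrets:` block from `.gitlab-ci.yml`, so the pipeline presumably needs `SMTP_PASSWORD` and `TURN_CREDENTIALS` from masked, protected CI variables now. It is worth confirming that neither ends up in a committed values file.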