diff --git a/check_process b/check_process
index 846f814..1f0266c 100644
--- a/check_process
+++ b/check_process
@@ -23,6 +23,8 @@
 		upgrade=1	from_commit=3f7d7d2740a1cb3f16a290b64c89e84422d06ede
 		# 1.21.0~ynh2
 		upgrade=1	from_commit=703d5a9cb86d127c7723bb380d7c392a8eb9e703
+		# 1.23.0~ynh1
+		upgrade=1	from_commit=2808a3a8e985bb5431f6d8f2353b07201355afe4
 		backup_restore=1
 		multi_instance=1
 		port_already_use=0
@@ -39,3 +41,5 @@ Notification=all
 		name=1.21.0~ynh2
 	; commit=c233d94d76cae449630c59ce228b7a3c72f8fa12
 		name=1.22.2~ynh1
+	; commit=2808a3a8e985bb5431f6d8f2353b07201355afe4
+		name=1.23.0~ynh1
diff --git a/conf/systemd.service b/conf/systemd.service
index 76d68b5..7f91b11 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -7,21 +7,23 @@ After=network.target
 # The user/group vaultwarden is run under. the working directory (see below) should allow write and read access to this user/group
 User=__APP__
 Group=__APP__
-# The location of the .env file for configuration
+WorkingDirectory=__FINALPATH__/live/
+ReadWriteDirectories=__FINALPATH__/live/
 EnvironmentFile=__FINALPATH__/live/vaultwarden.env
-# The location of the compiled binary
 ExecStart=__FINALPATH__/live/vaultwarden
+
 # Set reasonable connection and process limits
 LimitNOFILE=1048576
 LimitNPROC=64
-# Isolate vaultwarden from the rest of the system
-PrivateTmp=true
-PrivateDevices=true
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+PrivateTmp=yes
+PrivateDevices=yes
 ProtectHome=true
 ProtectSystem=strict
-# Only allow writes to the following directory and set it to the working directory (user and password data are stored here)
-WorkingDirectory=__FINALPATH__/live/
-ReadWriteDirectories=__FINALPATH__/live/
 
 [Install]
 WantedBy=multi-user.target
diff --git a/conf/vaultwarden.env b/conf/vaultwarden.env
index 6f3225b..7a100a6 100644
--- a/conf/vaultwarden.env
+++ b/conf/vaultwarden.env
@@ -5,7 +5,7 @@
 ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .
 
 ## Main data folder
-# DATA_FOLDER=data
+DATA_FOLDER=__DATADIR__
 
 ## Database URL
 ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md
new file mode 100644
index 0000000..a401535
--- /dev/null
+++ b/doc/DESCRIPTION.md
@@ -0,0 +1 @@
+Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
\ No newline at end of file
diff --git a/manifest.json b/manifest.json
index 95ceadb..74925b5 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
         "en": "Manage passwords and other sensitive informations",
         "fr": "Gérez les mots de passe et autres informations sensibles"
     },
-    "version": "1.23.0~ynh1",
+    "version": "1.23.0~ynh2",
     "url": "https://github.com/dani-garcia/vaultwarden",
     "upstream": {
         "license": "GPL-3.0-or-later",
@@ -27,7 +27,7 @@
         "nginx"
     ],
     "arguments": {
-        "install" : [
+        "install": [
             {
                 "name": "domain",
                 "type": "domain"
diff --git a/scripts/_common.sh b/scripts/_common.sh
index aa3c17a..65744f6 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -5,7 +5,7 @@
 #=================================================
 
 # dependencies used by the app
-pkg_dependencies="curl tar pkg-config libssl-dev libc6-dev"
+pkg_dependencies="build-essential pkg-config libssl-dev libc6-dev"
 
 #=================================================
 # PERSONAL HELPERS
diff --git a/scripts/backup b/scripts/backup
index 79cfc6d..2215093 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -29,6 +29,7 @@ app=$YNH_APP_INSTANCE_NAME
 
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
@@ -41,6 +42,12 @@ ynh_print_info --message="Declaring files to be backed up..."
 
 ynh_backup --src_path="$final_path"
 
+#=================================================
+# BACKUP THE DATA DIR
+#=================================================
+
+ynh_backup --src_path="$datadir" --is_big
+
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================
diff --git a/scripts/install b/scripts/install
index b24b6bd..98d090e 100644
--- a/scripts/install
+++ b/scripts/install
@@ -119,14 +119,14 @@ ynh_script_progression --message="Making install..."
 
 # Install rustup with the toolchain needed by vaultwarden
 pushd "$final_path"
-	sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
+	ynh_exec_as "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
 popd
 
 export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" 
 
 # Compile vaultwarden
 pushd "$final_path"/build
-	ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
+	ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" cargo build --features sqlite --release
 popd
 
 # Install vaultwarden
@@ -137,17 +137,24 @@ ynh_secure_remove --file="$final_path/build"
 ynh_secure_remove --file="$final_path/.cargo"
 ynh_secure_remove --file="$final_path/.rustup"
 
-# Create datadir
-mkdir -p "$final_path/live/data"
+#=================================================
+# CREATE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Creating a data directory..."
 
-chmod 750 "$final_path/live/data"
-chmod -R o-rwx "$final_path/live/data"
-chown -R $app:$app "$final_path/live/data"
+datadir=/home/yunohost.app/$app
+ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+
+mkdir -p $datadir
+
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
 
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
-ynh_script_progression --message="Adding a config file..."
+ynh_script_progression --message="Adding a configuration file..."
 
 ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/vaultwarden.env"
 
diff --git a/scripts/remove b/scripts/remove
index f725253..f6a40ea 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # STANDARD REMOVE
@@ -40,14 +41,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
 # Remove the dedicated systemd config
 ynh_remove_systemd_config
 
-#=================================================
-# REMOVE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Removing dependencies..."
-
-# Remove metapackage and its dependencies
-ynh_remove_app_dependencies
-
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
@@ -56,6 +49,17 @@ ynh_script_progression --message="Removing app main directory..."
 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
 
+#=================================================
+# REMOVE DATA DIR
+#=================================================
+
+# Remove the data directory if --purge option is used
+if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
+then
+	ynh_script_progression --message="Removing app data directory..."
+	ynh_secure_remove --file="$datadir"
+fi
+
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
@@ -65,12 +69,12 @@ ynh_script_progression --message="Removing NGINX web server configuration..."
 ynh_remove_nginx_config
 
 #=================================================
-# REMOVE LOGROTATE CONFIGURATION
+# REMOVE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Removing logrotate configuration..."
+ynh_script_progression --message="Removing dependencies..."
 
-# Remove the app-specific logrotate config
-ynh_remove_logrotate
+# Remove metapackage and its dependencies
+ynh_remove_app_dependencies
 
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
diff --git a/scripts/restore b/scripts/restore
index 4dbae76..6bcd0f6 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -30,13 +30,15 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..."
 
-test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
+test ! -d $final_path \
+	|| ynh_die --message="There is already a directory: $final_path "
 
 #=================================================
 # STANDARD RESTORATION STEPS
@@ -66,6 +68,19 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:$app "$final_path"
 
+#=================================================
+# RESTORE THE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Restoring the data directory..."
+
+ynh_restore_file --origin_path="$datadir" --not_mandatory
+
+mkdir -p $datadir
+
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
+
 #=================================================
 # RESTORE FAIL2BAN CONFIGURATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index c4bb872..53daeee 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -21,6 +21,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
 rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port)
@@ -48,8 +49,6 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
-ynh_remove_logrotate
-
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@@ -90,6 +89,20 @@ then
 	fi
 fi
 
+ynh_remove_logrotate
+
+# If datadir doesn't exist, create it
+if [ -z $datadir ]; then
+	datadir=/home/yunohost.app/$app
+	ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+	mkdir -p $datadir
+	rsync -arz "$final_path/live/data/" "$datadir/" --delete-after --remove-source-files
+	ynh_secure_remove --file="$final_path/live/data"
+	chmod 750 "$datadir"
+	chmod -R o-rwx "$datadir"
+	chown -R $app:$app "$datadir"
+fi
+
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
@@ -168,14 +181,14 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	# Install rustup with the toolchain needed by vaultwarden
 	pushd "$final_path"
-		sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
+		ynh_exec_as "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
 	popd
 
 	export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" 
 
 	# Compile vaultwarden
 	pushd "$final_path"/build
-		ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
+		ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" cargo build --features sqlite --release
 	popd
 
 	# Remove old generated files before copying the new ones