diff --git a/apps/authelia/README.md b/apps/authelia/README.md
new file mode 100644
index 0000000..c34fd60
--- /dev/null
+++ b/apps/authelia/README.md
@@ -0,0 +1,9 @@
+To force auth for an app that doesn't have it, use:
+
+```
+annotations:
+ nginx.ingress.kubernetes.io/auth-method: 'GET'
+ nginx.ingress.kubernetes.io/auth-url: 'http://authelia.authelia-system.svc.cluster.local/api/authz/auth-request'
+ nginx.ingress.kubernetes.io/auth-signin: 'https://auth.nc.landry.land?rm=$request_method'
+ nginx.ingress.kubernetes.io/auth-response-headers: 'Remote-User,Remote-Name,Remote-Groups,Remote-Email'
+```
diff --git a/apps/authelia/base/daemonset.patch.yaml b/apps/authelia/base/daemonset.patch.yaml
index 6e6c75a..d223ca6 100644
--- a/apps/authelia/base/daemonset.patch.yaml
+++ b/apps/authelia/base/daemonset.patch.yaml
@@ -3,6 +3,7 @@ kind: DaemonSet
 metadata:
 name: authelia
 spec:
+ revisionHistoryLimit: 3
 template:
 spec:
 containers:
@@ -36,3 +37,7 @@ spec:
 key: password
 # - name: TZ
 # value: ...
+
+ # Overriding the definition from Helm because ArgoCD is mangling it for some reason
+ - name: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE
+ value: "/secrets/internal/identity_validation.reset_password.jwt.hmac.key"
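Review bot: The added `AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE` entry in the `@@ -36,3 +37,7 @@` hunk of daemonset.patch.yaml hard-codes `/secrets/internal/identity_validation.reset_password.jwt.hmac.key`, but nothing visible here ties that path to the volume mount and key name the Helm chart renders, and the comment does not record what the mangled value looked like. Because the variable name indicates this file holds the HMAC key for password-reset JWTs, a path that drifts from the chart is worth guarding against. I would extend the comment to something like `# Path must match the chart's /secrets/internal mount and key name; drop this override once the ArgoCD rendering issue (<issue link placeholder>) is fixed`. It would also help to confirm that the rendered DaemonSet ends up with exactly one env entry of this name, which presumably depends on the patch being merged by `name`. The `env` list and the container definition start outside the hunk.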