diff --git a/.env.sample b/.env.sample
index 4b49339..16dde98 100644
--- a/.env.sample
+++ b/.env.sample
@@ -25,6 +25,7 @@ TX="Europe/Berlin"
 ## SMTP settings
 #COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
 #SECRET_SMTP_PASSWORD_VERSION=v1
+#SMTP_ENABLED=1
 #SMTP_FROM=noreply@example.com
 #SMTP_USERNAME=noreply@example.com
 #SMTP_HOST=mail.example.com
diff --git a/compose.smtp.yml b/compose.smtp.yml
index d20975e..849812c 100644
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@@ -6,6 +6,7 @@ services:
     secrets:
       - smtp_password
     environment:
+      - "SMTP_ENABLED"
       - "SMTP_PASSWORD_FILE=/run/secrets/smtp_password"
       - "SMTP_FROM"
       - "SMTP_USERNAME"
diff --git a/compose.yml b/compose.yml
index 19b8fbe..15ed114 100644
--- a/compose.yml
+++ b/compose.yml
@@ -42,7 +42,7 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=1.1.0+1.33.2"
+        - "coop-cloud.${STACK_NAME}.version=2.0.0+1.33.2"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/data"
 
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index a8335d2..cdb5955 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -47,7 +47,10 @@ if [ -n "${MYSQL_HOST}" ]; then
 fi
 
 file_env "ADMIN_TOKEN"
+
+{{ if eq (env "SMTP_ENABLED") "1" }}
 file_env "SMTP_PASSWORD"
+{{ end }}
 
 # remove world permissions on data
 chmod -R o= /data
diff --git a/release/2.0.0+1.33.2 b/release/2.0.0+1.33.2
new file mode 100644
index 0000000..ff330ff
--- /dev/null
+++ b/release/2.0.0+1.33.2
@@ -0,0 +1,15 @@
+=== SMTP SETTINGS ===
+This release contains a *breaking change* if you use SMTP with vaultwarden.
+
+See https://git.coopcloud.tech/coop-cloud/vaultwarden/pulls/9 for more.
+
+TLDR; Please add `SMTP_ENABLED=1` to your .env to continue using SMTP.
+
+=== PERMISSIONS ===
+
+Previously, the data directory including the main private key had read
+permissions enabled for all host users. This release fixes that. Please review
+your Vaultwarden keys if other users on your Co-op Cloud host may have had
+access to these files.
+
+See https://git.coopcloud.tech/coop-cloud/vaultwarden/pulls/7 for more.