diff --git a/applications/cluster-resources/secrets/vault/values.ftl.yaml b/applications/cluster-resources/secrets/vault/values.ftl.yaml
index 0d270d515..c4ccc0f3c 100644
--- a/applications/cluster-resources/secrets/vault/values.ftl.yaml
+++ b/applications/cluster-resources/secrets/vault/values.ftl.yaml
@@ -16,7 +16,7 @@ global:
   - name: proxy-registry
 </#if>
 <#if config.features.secrets.vault.helm.image?has_content 
-  || url?has_content 
+  || host?has_content 
   || config.application.podResources == true>
 server:
 </#if>
diff --git a/src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy b/src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy
index 68e324959..7ca84ff5d 100644
--- a/src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy
+++ b/src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy
@@ -131,6 +131,15 @@ class ApplicationConfigurator {
             newConfig.scmm.ingress = new URL(injectSubdomain('scmm',
                     newConfig.application.baseUrl as String, newConfig.application.urlSeparatorHyphen as Boolean)).host
         }
+        // When specific user/pw are not set, set them to global values
+        if (newConfig.scmm.password === Config.DEFAULT_ADMIN_PW) {
+            newConfig.scmm.password = newConfig.application.password
+        }
+        if (newConfig.scmm.username === Config.DEFAULT_ADMIN_USER) {
+            newConfig.scmm.username = newConfig.application.username
+        }
+
+
     }
 
     private void addJenkinsConfig(Config newConfig) {
@@ -153,6 +162,13 @@ class ApplicationConfigurator {
             newConfig.jenkins.ingress = new URL(injectSubdomain('jenkins',
                     newConfig.application.baseUrl, newConfig.application.urlSeparatorHyphen)).host
         }
+        // When specific user/pw are not set, set them to global values
+        if (newConfig.jenkins.username === Config.DEFAULT_ADMIN_USER) {
+            newConfig.jenkins.username = newConfig.application.username
+        }
+        if (newConfig.jenkins.password === Config.DEFAULT_ADMIN_PW) {
+            newConfig.jenkins.password = newConfig.application.password
+        }
     }
 
     private void evaluateBaseUrl(Config newConfig) {
@@ -328,4 +344,6 @@ class ApplicationConfigurator {
             throw new RuntimeException(errorMessage, e)
         }
     }
+
+
 }
diff --git a/src/main/groovy/com/cloudogu/gitops/config/Config.groovy b/src/main/groovy/com/cloudogu/gitops/config/Config.groovy
index dba05d098..8f1047117 100644
--- a/src/main/groovy/com/cloudogu/gitops/config/Config.groovy
+++ b/src/main/groovy/com/cloudogu/gitops/config/Config.groovy
@@ -15,7 +15,8 @@ import picocli.CommandLine.Mixin
 import picocli.CommandLine.Option
 
 import static com.cloudogu.gitops.config.ConfigConstants.*
-import static picocli.CommandLine.ScopeType 
+import static picocli.CommandLine.ScopeType
+
 /**
  * The global configuration object.
  *
@@ -488,9 +489,10 @@ class Config {
     }
 
     static class MailSchema {
-        @Option(names = ['--mailhog', '--mail'], description = MAILHOG_ENABLE_DESCRIPTION, scope = ScopeType.INHERIT)
+
         Boolean active = false
 
+        @Option(names = ['--mailhog', '--mail'], description = MAILHOG_ENABLE_DESCRIPTION, scope = ScopeType.INHERIT)
         @JsonPropertyDescription(MAILHOG_ENABLE_DESCRIPTION)
         Boolean mailhog = false
 
diff --git a/src/main/groovy/com/cloudogu/gitops/scmm/ScmmRepo.groovy b/src/main/groovy/com/cloudogu/gitops/scmm/ScmmRepo.groovy
index 09ea8b291..3e5077afb 100644
--- a/src/main/groovy/com/cloudogu/gitops/scmm/ScmmRepo.groovy
+++ b/src/main/groovy/com/cloudogu/gitops/scmm/ScmmRepo.groovy
@@ -36,8 +36,8 @@ class ScmmRepo {
     ScmmRepo(Config config, String scmmRepoTarget, FileSystemUtils fileSystemUtils) {
         def tmpDir = File.createTempDir()
         tmpDir.deleteOnExit()
-        this.username = config.scmm.internal ? config.application.username : config.scmm.username
-        this.password = config.scmm.internal ? config.application.password : config.scmm.password
+        this.username = config.scmm.username
+        this.password = config.scmm.password
         this.scmmUrl = "${config.scmm.protocol}://${config.scmm.host}"
         this.scmmRepoTarget = scmmRepoTarget.startsWith(NAMESPACE_3RD_PARTY_DEPENDENCIES) ? scmmRepoTarget :
                 "${config.application.namePrefix}${scmmRepoTarget}"
diff --git a/src/test/groovy/com/cloudogu/gitops/features/VaultTest.groovy b/src/test/groovy/com/cloudogu/gitops/features/VaultTest.groovy
index 159278c75..61ab649b0 100644
--- a/src/test/groovy/com/cloudogu/gitops/features/VaultTest.groovy
+++ b/src/test/groovy/com/cloudogu/gitops/features/VaultTest.groovy
@@ -64,14 +64,23 @@ class VaultTest {
     @Test
     void 'uses ingress if enabled'() {
         config.features.secrets.vault.url = 'http://vault.local'
-        // Also set image to make sure ingress and image work at the same time under the server block
-        config.features.secrets.vault.helm.image = 'localhost:5000/hashicorp/vault:1.12.0'
         createVault().install()
 
         def ingressYaml = parseActualYaml()['server']['ingress']
         assertThat(ingressYaml['enabled']).isEqualTo(true)
         assertThat((ingressYaml['hosts'] as List)[0]['host']).isEqualTo('vault.local')
     }
+    
+    @Test
+    void 'uses ingress if enabled and image set'() {
+        config.features.secrets.vault.url = 'http://vault.local'
+        // Also set image to make sure ingress and image work at the same time under the server block
+        //config.features.secrets.vault.helm.image = 'localhost:5000/hashicorp/vault:1.12.0'
+        createVault().install()
+
+        def ingressYaml = parseActualYaml()['server']['ingress']
+        assertThat(ingressYaml['enabled']).isEqualTo(true)
+    }
 
     @Test
     void 'does not use ingress by default'() {