diff --git a/Netgrimoire/Audits/authentik-2026-05-04.md b/Netgrimoire/Audits/authentik-2026-05-04.md
new file mode 100644
index 0000000..f5a141a
--- /dev/null
+++ b/Netgrimoire/Audits/authentik-2026-05-04.md
@@ -0,0 +1,32 @@
+---
+title: Audit - authentik.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:05:20.837Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:05:20.837Z
+---
+
+# Audit Report — authentik.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/authentik.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+PASS: Homepage labels are correctly specified.
+
+FAIL: Uptime Kuma labels (kuma.<n>.http.name, kuma.<n>.http.url) are missing.
+
+PASS: Caddy labels on exposed services are correctly set with domain and reverse proxy configuration.
+
+PASS: Placement constraints include node.hostname == znas ensuring service is deployed only on the znas node.
+
+FAIL: Volume paths are mostly correctly formatted but contain spaces which should be avoided. For example, /DockerVol/Authentik/media should be corrected to /DockerVol/Authentik/media.
+
+PASS: Network authentik references an external netgrimoire overlay as expected.
+
+VERDICT: FAIL
\ No newline at end of file