Skip to main content

hydra janitor

hydra janitor

Clean the database of old tokens, login/consent requests and jwt grant issuers


This command will cleanup any expired oauth2 tokens as well as login/consent requests. This will select records to delete with a limit and delete records in batch to ensure that no table locking issues arise in big production databases.


This command is in beta. Proceed with caution!

This is a destructive command and will purge data directly from the database. Please use this command with caution if you need to keep historic data for any reason.


Janitor can be used in several ways.

  1. By passing the database connection string (DSN) as an argument Pass the database url (dsn) as an argument to janitor. E.g. janitor <database-url>

  2. By passing the DSN as an environment variable

    export DSN=...
    janitor -e
  3. By passing a configuration file containing the DSN janitor -c /path/to/conf.yml

  4. Extra optional parameters can also be added such as

    janitor --keep-if-younger 23h --access-lifespan 1h --refresh-lifespan 40h --consent-request-lifespan 10m &lt;database-url&gt;
  5. Running only a certain cleanup

    janitor --tokens &lt;database-url&gt;


    janitor --requests &lt;database-url&gt;


    janitor --grants &lt;database-url&gt;

    or any combination of them

    janitor --tokens --requests --grants &lt;database-url&gt;
hydra janitor [<database-url>] [flags]


      --access-lifespan duration            Set the access token lifespan e.g. 1s, 1m, 1h.
--batch-size int Define how many records are deleted with each iteration. (default 100)
-c, --config strings Path to one or more .json, .yaml, .yml, .toml config files. Values are loaded in the order provided, meaning that the last config file overwrites values from the previous config file.
--consent-request-lifespan duration Set the login/consent request lifespan e.g. 1s, 1m, 1h
--grants This will only run the cleanup on trust relationships and will skip requests and token cleanup.
-h, --help help for janitor
--keep-if-younger duration Keep database records that are younger than a specified duration e.g. 1s, 1m, 1h.
--limit int Limit the number of records retrieved from database for deletion. (default 10000)
-e, --read-from-env If set, reads the database connection string from the environment variable DSN or config file key dsn.
--refresh-lifespan duration Set the refresh token lifespan e.g. 1s, 1m, 1h.
--requests This will only run the cleanup on requests and will skip token and trust relationships cleanup.
--tokens This will only run the cleanup on tokens and will skip requests and trust relationships cleanup.


  • hydra - Run and manage Ory Hydra