Skip to main content

Going to production


This document is still in development.


Ory Kratos requires a production-grade database such as PostgreSQL, MySQL, CockroachDB. Don't use SQLite in production!


When preparing for production it's paramount to omit the --dev flag from kratos serve.

HTTP clients

In some scenarios you might want to disallow HTTP calls to private IP ranges. To configure this feature, set the following configuration:

disallow_private_ip_ranges: true

If enabled, all outgoing HTTP calls done by Ory Kratos will be checked whether they're against a private IP range. If that's the case, the request will fail with an error.

Admin API

Never expose the Ory Kratos Admin API to the internet unsecured. Always require authorization. A good practice is to not expose the Admin API at all to the public internet and use a Zero Trust Networking Architecture within your intranet.


There are no additional requirements for scaling Ory Kratos, just spin up another container!