
Going to Production

Warning: This document is still in development.

Database

Ory Kratos requires a production-grade database such as PostgreSQL, MySQL, or CockroachDB. Don't use SQLite in production!

Security

When preparing for production, it's paramount to omit the --dev flag from kratos serve.

HTTP Clients

In some scenarios you might want to disallow HTTP calls to private IP ranges. To configure this feature, set the following configuration:

clients:
  http:
    disallow_private_ip_ranges: true

If enabled, Ory Kratos checks every outgoing HTTP call to see whether it targets a private IP range. If it does, the request fails with an error.
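
The kind of check this setting describes, written in Go as an added example (this is not Ory Kratos's own code): a dial-time hook that rejects a connection when the resolved destination is not a public address. The set of blocked ranges and the names isDisallowed, guard and NewGuardedClient are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

var ErrPrivateDestination = errors.New("destination is in a private IP range")

// isDisallowed covers loopback, RFC 1918/ULA, link-local (169.254.0.0/16,
// fe80::/10) and unspecified addresses. This set is the example's assumption.
func isDisallowed(ip netip.Addr) bool {
	ip = ip.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified()
}

// guard is a net.Dialer Control hook. It runs after DNS resolution, so a
// public-looking hostname that resolves to an internal IP is rejected too.
func guard(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("unparseable dial address %q: %w", address, err)
	}
	if isDisallowed(ap.Addr()) {
		return fmt.Errorf("%w: %s", ErrPrivateDestination, ap.Addr())
	}
	return nil
}

// NewGuardedClient returns an http.Client whose every connection passes guard.
func NewGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: guard}
	return &http.Client{Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	// Constructed post-resolution addresses; 203.0.113.10 is a documentation IP.
	for _, a := range []string{"10.0.0.5:443", "169.254.169.254:80", "[::1]:8080", "203.0.113.10:443"} {
		fmt.Printf("%-20s -> %v\n", a, guard("tcp", a, nil))
	}
}
```

Checking at dial time rather than on the URL string means redirects and DNS answers that point at internal addresses are caught as well.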

Admin API

Never expose the Ory Kratos Admin API to the internet unsecured. Always require authorization. A good practice is to not expose the Admin API at all to the public internet and use a Zero Trust Networking Architecture within your intranet.

Scaling

There are no additional requirements for scaling Ory Kratos; just spin up another container!