Skip to main content

Cipher algorithm settings

Currently, the Ory Identities (Kratos) supports encryption and decryption for OIDC tokens only. You can choose one of these algorithms:

Noop

Noop is the default cipher. It doesn't use an algorithm, which means that you don't need to set secrets.

ciphers:
  algorithm: noop

XChaCha20 Poly1305

Apply the following configuration to use XChaCha20 Poly1305:

secrets:
  cipher:
    - 32-CHARACTER-LONG-STRING-SECRET
ciphers:
  algorithm: xchacha20-poly1305

You must set up secrets key rotation. Secrets must be 32-character-long strings.

AES

Apply the following configuration to use AES:

secrets:
  cipher:
    - 32-CHARACTER-LONG-STRING-SECRET
ciphers:
  algorithm: aes

You must set up secrets key rotation. Secrets must be 32-character-long strings.

Ory Network

The most flexible and scalable way to manage identi­ties, authen­tication, autho­rization and access control.Explore Ory Network

Explore Ory Network