Skip to main content

Cipher algorithm settings

Currently, the Ory Identities (Kratos) supports encryption and decryption for OIDC tokens only. You can choose one of these algorithms:

Noop

Noop is the default cipher. It doesn't use an algorithm, which means that you don't need to set secrets.

ciphers:
algorithm: noop

XChaCha20 Poly1305

Apply the following configuration to use XChaCha20 Poly1305:

secrets:
cipher:
- 32-CHARACTER-LONG-STRING-SECRET
ciphers:
algorithm: xchacha20-poly1305

You must set up secrets key rotation. Secrets must be 32-character-long strings.

AES

Apply the following configuration to use AES:

secrets:
cipher:
- 32-CHARACTER-LONG-STRING-SECRET
ciphers:
algorithm: aes

You must set up secrets key rotation. Secrets must be 32-character-long strings.