Selecting Cipher Algorithm
Currently, the Ory Identity Service (Kratos) supports encryption and decryption for OIDC tokens only. You can choose one of these algorithms:
Noop
Noop is the default cipher. It doesn't use an algorithm, which means that you don't need to set secrets.
path/to/kratos/config.yml
ciphers:
algorithm: noop
XChaCha20 Poly1305
Apply the following configuration to use XChaCha20 Poly1305:
path/to/kratos/config.yml
secrets:
cipher:
- 32-CHARACTER-LONG-STRING-SECRET
ciphers:
algorithm: xchacha20-poly1305
You must set up secrets key rotation. Secrets must be 32-character-long strings.
AES
Apply the following configuration to use AES:
path/to/kratos/config.yml
secrets:
cipher:
- 32-CHARACTER-LONG-STRING-SECRET
ciphers:
algorithm: aes
You must set up secrets key rotation. Secrets must be 32-character-long strings.