Ask AI is now on the home page — ask a question and get a sourced answer from the Ory docs. You'll also find it in the bottom-right corner of any page.

Skip to main content

Cipher algorithm settings

Currently, the Ory Identities (Kratos) supports encryption and decryption for OIDC tokens only. You can choose one of these algorithms:

Noop

Noop is the default cipher. It doesn't use an algorithm, which means that you don't need to set secrets.

ciphers:
algorithm: noop

XChaCha20 Poly1305

Apply the following configuration to use XChaCha20 Poly1305:

secrets:
cipher:
- 32-CHARACTER-LONG-STRING-SECRET
ciphers:
algorithm: xchacha20-poly1305

You must set up secrets key rotation. Secrets must be 32-character-long strings.

AES

Apply the following configuration to use AES:

secrets:
cipher:
- 32-CHARACTER-LONG-STRING-SECRET
ciphers:
algorithm: aes

You must set up secrets key rotation. Secrets must be 32-character-long strings.