To set an identity recovery email address from an email in the identity traits, you need to specify it in the identity schema. The email address used for recovery is usually the same as the one provided by the user when registering their account. Here is an example of how to specify a trait of the identity to be used for recovery:

json {     "$id": "<https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json>",     "$schema": "<http://json-schema.org/draft-07/schema#>",     "title": "Person",     "type": "object",     "properties": {     "traits": {     "type": "object",     "properties": {     "email": {     "type": "string",     "format": "email",     "<http://ory.sh/kratos|ory.sh/kratos>": {     "credentials": {     "password": {     "identifier": true     }     },     "recovery": {     "via": "email"     }     }     }     }     "additionalProperties": false     }     }   }

In this schema, the

email

field under

traits

is specified as the recovery address. The

"recovery": { "via": "email" }

part indicates that the recovery method is via email. If the email address used for recovery is the same as the email used for verification and the account isn't activated when the recovery flow is started, completing the recovery flow also verifies the user's email address. For more information, you can refer to the [Ory documentation](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#account-recovery-address).

To set the recovery address for existing accounts using the existing email, you can initiate an account recovery flow for the user account. This can be done using the admin API endpoints. Here are the steps to follow: 1. Trigger account recovery for the user account you want to set the recovery address for. This can be done by sending a POST request to the

/self-service/recovery

endpoint.

bash curl -X POST -H 'Content-Type: application/json' \    -H 'Accept: application/json' \    -d '{"method":"code","email":"[email protected]","csrf_token":"your-csrf-token"}' \    -b cookies.txt \    "https://{project.slug}.<http://projects.oryapis.com/self-service/recovery?flow=<your-flow-id|projects.oryapis.com/self-service/recovery?flow=<your-flow-id>>"

2. Get the recovery link from the API response and send it to the user's email address. 3. The user performs account recovery which forces them to define new credentials. 4. The user gets a fully functional account with the credentials they defined. Please note that if the recovery flow initiated through the admin API expires, users without a recovery address can't start the flow again by themselves. For more information, you can refer to the [Ory documentation](https://www.ory.sh/docs/kratos/manage-identities/invite-users) and [Ory API reference](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#submit-recovery-flow).

To set the recovery email address in the Kratos database, you can import a list of

recovery_addresses

similar to

verifiable_addresses

. However, it's recommended to let the identity schema handle setting the appropriate fields since there is no status to set for this address type. Here is an example of how you can import recovery addresses:

json {   "traits": {     "email": "[email protected]"   },   "recovery_addresses": [     {       "value": "[email protected]",       "via": "email"     }   ] }

In this example, the

recovery_addresses

field is an array of objects, each containing a

value

(the recovery email address) and

via

(the method of recovery, in this case, email). Please note that it's not recommended to set these fields as they will be overwritten by other self-service flows. For more information, you can refer to the [Ory documentation](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#importing-recovery-addresses).