Hey everyone, just looking for how others are handling Ory Network development locally. I understand there is the Ory Proxy\Ory Tunnel and that can be started via the CLI but having every dev manually login and start either of those when they need to work locally doesn’t work for us. We also require that every developer has their own unique auth development environment. Currently we’ve set up the tunnel in a Docker container using this flow: • Docker container starts and runs an Expect script that logs a user in with credentials in an .env file (similar to this Ory Github action) • Docker container then checks if the user has a local development project via grep, ex:

if ory list projects | grep -q local-dev-sandbox; then
    echo "Development sandbox project already exists, skipping..."
else
    ory create project --name "local-dev-sandbox"
fi

• The tunnel is then started for that project allowing the Ory APIs to be accessible locally This allows developers to pull this repo once, add their credentials to the .env, and have an open tunnel to a development project that runs alongside our other dockerized applications. The main question I have is how do we keep this local development project in sync with our staging and production applications? We are managing our Ory configuration in Git, and I see a potential solution here but it just feels incredibly janky. We’re using env var replacement but it requires pulling the unique values (domains, etc) from the development project first and ensure those are in an env file when applying the configuration to the dev project and things just feel very fragile. We’re considering just self hosting containers locally and using Ory Network in higher environments, but we’re worried about a config drift in that case as well as it doesn’t seem like the config settings at 1:1 between Network and Ory Hydra\Kratos\Keto\Oathkeeper. Another solution is to have the developers share a development environment, but the worry there is that a single change could break auth locally for all other developers and that’s a non-starter. If anyone else can share their experience working with Ory Network locally that would be much appreciated.

One issue with "syncing" config is that you sometimes want different configs when you want to experiment with other values, or have different URLs set up. As part of your startup script you can also import config from a json/yaml file that is part of the repo, so that the project is always up-to-date with the current state of the branch. Just my thoughts, obviously depends on your case.

I had the a very similar need and wrote some articles on how to solve it. In a nutshell: 1. I use Ory Kratos and Keto Docker containers locally with some configuration template files. So the environment is well isolated for each developer and for end-to-end tests. 2. When moving to Ory Network, the configuration templates are filled with environment variables and concatenated in a single file to update the tenant config. 3. The environment variables are shared between developers and remote environments using Dotenv.org. Each stage (local, test, ci, staging, production) have their own file and isolated values. It can become a bit more complex to manage when your backend apps must be accessed from the public network. In that case you might have to use a tunnel and each developer will have to configure its own domain and regenerate the configuration files. In case you want to read more about the process: • part 1 (local setup) • part 2 (transition Ory Network)

Big thanks @billowy-actor-35983, will definitely read those over. We’re also using NestJS so appreciate you passing these along

Ow! In that case you might discover some extra helpful tools on the way there 🙂