Is there any plan to release a new version of krat...
# general
g
Is there any plan to release a new version of kratos soon? when using the oss version of kratos in dev and staging we are missing some features that are in the ory network. This would make development much easier and as far as I can see there has been no OSS release for 7 months. @high-optician-2097 @magnificent-energy-493
m
Hello @gray-branch-78361 there are no concrete timelines for OSS releases of Ory, generally we aim to have a release 2-3 times per year - sometimes it takes longer because of other priorities.
we also offer the "Ory Enterprise License" version for Ory Kratos, that gets weekly releases, plus many features that are not part of OSS version
g
I totally understand that, is there a way the community could support these efforts? And as I wrote we are using ory network already but we are not happy with the usage of dev and staging environments, automation is on this level extremely poor so we use OSS version for that.
m
hm maybe the better solution then would be to improve the automation for dev and staging environments? do you have some notes on where you see the biggest issues and what your preferred solution would be?
j
We also have this issue -- we use self-hosted for local dev and preview deployments, which are not easily automatable without just hosting a self-hosted instance, but with a docker container we can just deploy each one ephemerally (as is de-facto standard in many self-hostable saas products -- see Hasura or Next.js for an example of models that work well for product development). There's no local config for this that can then be deployed with our normal ci/cd when we change configs though, which means we have to manually update each environment, which is extremely fragile. This is one (of many) reasons we're considering switching to another solution like betterauth and hanko.
g
@jolly-ocean-26344 yes exactly this brings it to the point. If you really need to build a serious platform on top of it, fragile is the last thing you want to hear. And having no automation + putting a lot work into it + paying for a service is a bad combo anyway.
h
What exactly is missing/preventing you from using a dev project in ory for your testing? And what are you testing concretely?
I assume something like getting a fake session to see if your app works when you‘re authed? Kratos itself has a lot of tests so typically you wouldn’t test those flows yourself
g
No, that's not the problem. We need to have reproducible environments like automatically adding email templates, identity scheme, setting up all the Kratos configuration in a declarative way, Keto configuration and namespaces the same way and also for Hydra. We also want to have domain mapping declarative and fully automated. Adding users in an API driven way is also relevant. Configuring webhooks for hydra and kratos. And there are many more details that prevent us from using Ory Network in development and staging. All these problems are perfectly solved with OSS, so when we started to integrate testing into ory network 1 dev worked on it for 2 full weeks only to realise that it is not fully solvable. Some things are possible via CLI, but it's very clear that there are gaps between frontend, CLI and API... And since these problems don't exist in OSS, we don't want to invest development resources in something that is artificially created.
h
So it's more about enabling your development flow and CI? And there you need to talk to the upstream service to e.g. do some permission checking? How are you doing this with other SaaS providers like Stripe etc? I genuinely want to understand the issue because I know that automation is really nice for dev flows
g
stripe has 100% api coverage + the possibility of using sandboxes so no issues here
h
So which APIs are you missing to do the same with Ory?
g
basically everything i can do in the kratos, keto, hydra config.
h
But we have the ability for you to import and export configs in Ory Network too? You can do
ory get identity-config --format yaml
for example to get the kratos config and you can also use it to import configs
(and obv that's an api behind it)
Or is there some specific config flag missing?
g
h
What I have on my list is to reduce the anti-automation and maybe introduce a new environment type like "testing" or something where, if you have a paid workspace, you disable some security measures like bot scores to make automation a bit easier
g
ok i would need to check this. In any case visibility is not there for a customer.
what about email templates?
h
It's documented, so maybe just a matter of finding it? https://www.ory.sh/docs/guides/cli/identity-cli Maybe check it out!
The CLI uses in the background the PATCH/PUT/... endpoints of the project group!
I think what's missing is maybe a guide to make it clear how to set up envs for CI testing. It's on the long list of todos 🙂
g
it's great if it works for sure, but almost impossible to find 😉
is it possible to change things like hashers to argon2?
h
Yeah, we still have work to do to make things in the docs more visible and better structured. It's a never ending story 😉 But it sounds like that would solve your issue and get your prod/stage on par with other things.
g
or are there limitations in terms of the configuration?
h
For specifics, please check out the docs or try it out yourself 🙂 I would need to do the same to answer you definitively! Generally speaking, we don't allow low level system configuration like changing the port, as obviously you're anyways consuming it via our domain and HTTPS stuff.
g
ok so you are basically parsing it and not injecting it into your system directly?
h
There's a layer inbetween to also make things backwards compatible etc, remove stuff like overwriting the database etc
g
ok makes sense! Thank you