Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I want to track my Ory configuration in source control, but I of course can't store OIDC tokens in git. Is there any recommended approach for this before I overengineer something

you could check them in encrypted, and use some kind of key management to share the keys
e.g. <https://cloud.google.com/sdk/gcloud/reference/kms>

Thanks for the response! I'm less wondering how to securely store secrets and more wondering if there's a recommended way to keep the identity config in source control without having the secrets directly in it.

Is there a way to tell Ory to "leave these values as is" when updating project with an identity config file?

Or an ideal way of substituting external strings into the file? Currently I'm using jsonnet for this but I'd love a way of doing it with just the Ory CLI