Hello, I am using Ory Hydra in my application. Cur...
# generalb
broad-wolf-22440
07/21/2025, 11:37 AMHello, I am using Ory Hydra in my application. Currently, the TLS certificate and key can be provided either as file paths or as base64-encoded content in the Ory Hydra configuration file. Is there a way to supply the TLS certificate and key via the command-line interface, either as file paths or base64 content?
s
steep-lamp-91158
07/21/2025, 1:14 PM
You can set all config values as environment variables https://www.ory.sh/docs/ecosystem/configuring#loading-configuration-from-environment-variables
b
broad-wolf-22440
07/21/2025, 1:15 PMBut I want to set the configuration temporarily, because from UI users can change the configuration
s
steep-lamp-91158
07/21/2025, 1:21 PM
That's not possible in self hosted.
steep-lamp-91158
07/21/2025, 1:21 PM
But all config files are hot-reloaded
steep-lamp-91158
07/22/2025, 1:18 PM
Did you find a solution? I don't quite get the problem you are trying to solve, maybe you can expand on that so we can help better.
b
broad-wolf-22440
07/22/2025, 1:37 PMIn our application, we initially generate a default TLS certificate and store it in memory to establish a secure TLS connection with Ory Hydra. Once the client uploads their own TLS certificate, we save it to the file system and use that certificate for all subsequent connections.
s
steep-lamp-91158
07/22/2025, 2:03 PM
You should be able to just update the config file. Probably the better option though would be to do TLS termination in a dedicated component (potentially your WAF), as that would be more flexible especially when you scale Hydra.