Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Could anyone help me understand the `secrets.cookie` and `secrets.cipher` parameters in kratos configuration? What algorithm does kratos use for encrypting cookies? How to securely generate these secrets and how frequently should we rotate them? Pointing to the code will help too, I don't find a lot of details in the reference section. Thanks

seems like kratos is using AES for encryption and using the library <https://github.com/gtank/cryptopasta>

But then I don't understand how will one provide the key in bytes in a config string? Bytes are not all printed chars

and what are we encrypting using `secrets.cipher`?