https://www.ory.sh/ logo
#talk-kratos
Title
# talk-kratos
p

polite-electrician-27480

02/27/2022, 7:52 PM
Could anyone help me understand the
secrets.cookie
and
secrets.cipher
parameters in kratos configuration? What algorithm does kratos use for encrypting cookies? How to securely generate these secrets and how frequently should we rotate them? Pointing to the code will help too, I don't find a lot of details in the reference section. Thanks
seems like kratos is using AES for encryption and using the library https://github.com/gtank/cryptopasta
But then I don't understand how will one provide the key in bytes in a config string? Bytes are not all printed chars
and what are we encrypting using
secrets.cipher
?
2 Views