Quickstart
This guide explains how to run Ory software if you have purchased an Ory Enterprise License.
Prerequisites
To be able to run an enterprise build, you need:
- A valid Ory Enterprise License.
- Access to the Ory Enterprise Docker Registry.
- CockroachDB Enterprise (community version is not supported).
Support for MySQL and PostgreSQL is available as well, but some features will be unavailable. Please contact the team to talk about your use case.
Ory Enterprise builds are not available for public download and require a license agreement with Ory to run.
Ory Hydra Enterprise License
The Ory Hydra Enterprise license includes additional features and support for enterprise customers:
- Resource Owner Password Credentials grant.
- Ability to customize access, refresh token, and authorization code prefixes.
- Regular releases addressing CVEs and security vulnerabilities.
When using CockroachDB Enterprise:
- Support for multi-region failover with regulatory compliance around private data (for example GDPR).
- Database sharding for high scalability and availability.
- Zero-downtime migrations.
- Automatic clean up of stale records - no Hydra Janitor needed.
Ory Oathkeeper Enterprise License
The Ory Oathkeeper Enterprise license includes additional features and support for enterprise customers:
- Regular releases addressing CVEs and security vulnerabilities.
Ory Kratos Enterprise License
The Ory Kratos Enterprise license includes additional features and support for enterprise customers:
- Regular releases addressing CVEs and security vulnerabilities.
Ory Hydra Docker Registry
There are two Docker registries available in different regions:
- us:
us-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel - eu:
europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel
Image tags:
| Image Tag | Release Date |
|---|---|
| d4f640cf72989adf24ba153919ede18d4cddc98e | 2025-05-27 |
| 86516686797493772d75d3ab118e2107607b530c | 2025-05-23 |
| a4de81abb7c19ee1c227aca07d43b5693252003a | 2025-05-21 |
| e85c1a42ff8bf17f38d9b62abf6e8f33432c7f2a | 2025-05-16 |
| e4fa9d0244d703c844843fc9a07f236013412894 | 2025-05-05 |
| 40a5e4e273445838a7cb10579c0bbcf6b43be51c | 2025-04-22 |
| 2e109bde0929be56c99a1fdfd071cca71cff0027 | 2025-04-16 |
| 07a33841df96ebce3e61015c63c33ccfa6e245f1 | 2025-04-08 |
| f9189059fadf9f4ea7e8961b05d26836673e95ab | 2025-04-08 |
| 50b7f9d3f9b3bfe9258a777bfe96efffdbeb6fd8 | 2025-04-01 |
| 8825ef2357bc9485f39bbcfd695f2dcab51e2b2f | 2025-03-31 |
| 367fce6d847b7bdba50515705ae75c9c56cbec6a | 2025-03-27 |
| ba208705029b9a015a72206e348c39bd814fcd0c | 2025-03-20 |
| 25c058e5a20b8524361ecd6f8e185622745c8f79 | 2025-03-14 |
| 22c323f50880f0227915c536f5eefa106e9387d7 | 2025-03-12 |
| b225881c54ea601c1e925f1f142c1ab373336c9c | 2025-03-11 |
| a670e7889d09bf51ef1e69d29ca61611e1b0e802 | 2025-03-06 |
| 3941aaf70247f3d315e545956be38de70b14c044 | 2025-03-04 |
| 76b6f8eb08f8371d99109cfc60da26d23bcd8b52 | 2025-02-28 |
| 429289a6c08b5619c86e34313376b597131108fc | 2025-02-24 |
| 19f3f0fbbfb9cb48788789c47352ce8f582ea64c | 2025-02-21 |
| 569c06b47e9ccd9548afa71d22e7ba4e3b1d5b01 | 2025-02-14 |
| e17b2ea61cc69e70f252e384d5ccbac83e504ced | 2025-02-12 |
| 29c1dd6b0b5d0b991019e2730f4efd4fce86fa48 | 2025-02-04 |
| 35ba5a70b32d69c3b623f312f985f69a54f71029 | 2025-01-31 |
| e879d83cd5cc0cba4a0ec3399ef32f252c220b0e | 2025-01-30 |
| ea5c69132fe43cfe35e2e8f068906a652936d329 | 2025-01-30 |
| 9f377c2778e987aaeded444309f61361559d04ea | 2025-01-22 |
| 139630050d4da09c6ea58e937ae923a27aed078f | 2025-01-16 |
| 4e1c5d215f165a3b186b13fbbf3ecf0206fba92d | 2025-01-16 |
| edabe30a788945411489409852bca93a60e18837 | 2025-01-02 |
| f941460ee49d64a9653ba6886700d05c1e729b9d | 2024-12-24 |
| 3c860bb15843a99056e2e9ce469f935a4e68f790 | 2024-12-20 |
| 2ec082f971c8a85f325db338e63889017b81bf6f | 2024-12-18 |
| 4de7ed84637c14f9ae3b85175156c837e472ced0 | 2024-12-16 |
| 6323ac2d73b302898ad2f415b28a0c87293e7eb1 | 2024-12-10 |
| a1201e72919f47cb7e6dd0c6eba8db8266ed7045 | 2024-11-29 |
| 2575b683dcff45af2d18e7ed23a2a7aca3eea5d4 | 2024-11-25 |
| 94d6dfba9d81c00ff03ad61a0005e93a974a03f7 | 2024-11-12 |
| 69efdbbb45f642b5b142426a03a255f39e276689 | 2024-11-05 |
| f5eb2f3ae6c3ece3e00dc68c5e8743de7e9f1117 | 2024-11-05 |
| 83f53137a823ee0ace7e2ae94e7823caa036b800 | 2024-10-17 |
| 14f390f978b2ebcdc8e181ac04f9978a397e21d2 | 2024-10-11 |
| a22eff120ff38ee4596ed3afddb4ca4307b1adbb | 2024-10-07 |
| 75ade08cd441f43f7771ed4f11417a30ff0b31ac | 2024-09-27 |
| e2439391378f3abd513fb13847bc6a1b5f0157f1 | 2024-09-26 |
| 52ebf819f5538176c7ac1c4afc953123e8f0d3bf | 2024-09-24 |
| c35bfb780da7ddacba23f31b5e1634fa155af9c9 | 2024-09-19 |
| 20b15ef54f30d3d43a5d04bcdb7fd1d1f3fa2832 | 2024-09-10 |
| ce413707a03c4551b3f0bbe2e1e9c929a7e0b025 | 2024-09-05 |
| bf4441cc6dc1f8e8387173ae8f1396395dc1f433 | 2024-08-30 |
| 9b96c2507f9f17f639f73c2a9284f32bf63cd9d8 | 2024-08-27 |
| 1f407d0b2035e50812e6888a71b772530d17fc7a | 2024-08-12 |
| 04858989138f4b09c2b9b9676e3641326d96b1a6 | 2024-08-02 |
| 0fd87c560867f19ab12276edf258e42c4688454a | 2024-07-24 |
| 470aebc3ab2d4c225ca14ab8b1a12809f51b7eb3 | 2024-07-18 |
| 73a77968be31cbcba18b02918a8c11343a1fa038 | 2024-07-04 |
| 1578667fa246c374ca85c5eadbf49cc53a296775 | 2024-06-26 |
| f832e165e187e49657229902c13ad30c4cf10d0b | 2024-06-20 |
| f066fc62fc37ee1d28b4f2973faaa2bc098fc952 | 2024-06-18 |
| 39bbe4e0d99d40d5c4feb97321fc68b20f02a7ae | 2024-06-14 |
| f2ead7db68e8af72dbd1ab099fbaa6bf0f0ec8c3 | 2024-06-12 |
| 897e224960bb8677edf3344bd51c9edd779e9da7 | 2024-06-05 |
Ory Oathkeeper Docker Registry
This is Docker registries available in the EU region:
europe-docker.pkg.dev/ory-artifacts/ory-enterprise-oathkeeper/oathkeeper-oel
Image tags:
| Image Tag | Release Date |
|---|---|
| 936e2f934cae31d47939e342dcc1e8c5f6f81fe7 | 2025-05-05 |
Image tags:
| Image Tag | Release Date |
|---|---|
| d4f640cf72989adf24ba153919ede18d4cddc98e | 2025-05-27 |
Docker
Enterprise Docker images are kept in a private registry that requires authorization. An authorization key is provided for each
customer separately. The next steps assume that the key is stored in keyfile.json.
To authenticate to docker registry execute:
gcloud auth activate-service-account --key-file=keyfile.json
gcloud auth configure-docker europe-docker.pkg.dev
To run the Ory Hydra Enterprise build, you need to set the DSN environment variable to the
database connection string and provide a configuration file.
Before deploying the service, you need to apply SQL migrations:
docker run -e DSN=cockroach://... europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel -- migrate sql -e -f /path/to/config.yaml
Now you will be able to start the service:
docker run -e DSN=cockroach://... europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel -- serve all -f /path/to/config.yaml
Kubernetes
Setup Ory helm repository:
helm repo add ory https://k8s.ory.sh/helm/charts
helm repo update
Create ory namespace:
kubectl create namespace ory
Use the following command to create a kubernetes secret containing image registry credentials:
kubectl create secret docker-registry ory-oel-gcr-secret \
--docker-server=europe-docker.pkg.dev \
--docker-username=_json_key \
--docker-password="$(cat keyfile.json)" \
--namespace ory
Create kubernetes secret containing DSN and hydra secret values:
apiVersion: v1
kind: Secret
metadata:
name: ory-oel-hydra-secret
namespace: ory
data:
dsn: cockroach://
# https://www.ory.sh/docs/hydra/reference/configuration
secretsCookie:
secretsSystem:
Create a values.yaml file to customize the configuration:
image:
repository: europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel
tag: <replace-with-current-image-tag>
imagePullSecrets:
- name: ory-oel-gcr-secret
maester:
enabled: false
hydra:
automigration:
enabled: true
serviceMonitor:
enabled: true
secret:
enabled: false
nameOverride: "ory-oel-hydra-secret"
config:
# --hydra config--
# https://www.ory.sh/docs/hydra/reference/configuration
Install Ory Hydra
helm install ory-oel-hydra ory/hydra --namespace ory --create-namespace -f values.yaml