Quickstart
This guide explains how to run Ory software if you have purchased an Ory Enterprise License.
Prerequisites
To be able to run an enterprise build, you need:
- A valid Ory Enterprise License.
- Access to the Ory Enterprise Docker Registry.
- CockroachDB Enterprise (community version is not supported).
- Support for MySQL and PostgreSQL is available as well, but some features will be unavailable.
Ory Enterprise builds are not available for public download and require a license agreement with Ory to run.
Ory Hydra Enterprise Build
The Ory Hydra Enterprise build includes additional features and support for enterprise customers:
- Resource Owner Password Credentials grant.
- Ability to customize access, refresh token, and authorization code prefixes.
- Regular releases addressing CVEs and security vulnerabilities.
When using CockroachDB Enterprise:
- Support for multi-region failover with regulatory compliance around private data (for example GDPR).
- Database sharding for high scalability and availability.
- Zero-downtime migrations.
- Automatic cleanup of stale records - no Hydra Janitor needed.
Docker Registry
There are two Docker registries available in different regions:
- us: us-docker.pkg.dev/ory-artifacts/ory-enterprise-us/hydra-oel
- eu: europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel
Image tags:
| Image Tag | Release Date | 
|---|---|
| 897e224960bb8677edf3344bd51c9edd779e9da7 | 2024-06-05 | 
| f2ead7db68e8af72dbd1ab099fbaa6bf0f0ec8c3 | 2024-06-12 | 
| 39bbe4e0d99d40d5c4feb97321fc68b20f02a7ae | 2024-06-14 | 
| f066fc62fc37ee1d28b4f2973faaa2bc098fc952 | 2024-06-18 | 
| f832e165e187e49657229902c13ad30c4cf10d0b | 2024-06-20 | 
| 1578667fa246c374ca85c5eadbf49cc53a296775 | 2024-06-26 | 
| 73a77968be31cbcba18b02918a8c11343a1fa038 | 2024-07-04 | 
| 470aebc3ab2d4c225ca14ab8b1a12809f51b7eb3 | 2024-07-18 | 
| 0fd87c560867f19ab12276edf258e42c4688454a | 2024-07-24 | 
| 04858989138f4b09c2b9b9676e3641326d96b1a6 | 2024-08-02 | 
| 1f407d0b2035e50812e6888a71b772530d17fc7a | 2024-08-12 | 
| 9b96c2507f9f17f639f73c2a9284f32bf63cd9d8 | 2024-08-27 | 
| bf4441cc6dc1f8e8387173ae8f1396395dc1f433 | 2024-08-30 | 
| ce413707a03c4551b3f0bbe2e1e9c929a7e0b025 | 2024-09-05 | 
| 20b15ef54f30d3d43a5d04bcdb7fd1d1f3fa2832 | 2024-09-10 | 
| c35bfb780da7ddacba23f31b5e1634fa155af9c9 | 2024-09-19 | 
| 52ebf819f5538176c7ac1c4afc953123e8f0d3bf | 2024-09-24 | 
| e2439391378f3abd513fb13847bc6a1b5f0157f1 | 2024-09-26 | 
| 75ade08cd441f43f7771ed4f11417a30ff0b31ac | 2024-09-27 | 
| a22eff120ff38ee4596ed3afddb4ca4307b1adbb | 2024-10-07 | 
| 14f390f978b2ebcdc8e181ac04f9978a397e21d2 | 2024-10-11 | 
| 83f53137a823ee0ace7e2ae94e7823caa036b800 | 2024-10-17 | 
| 69efdbbb45f642b5b142426a03a255f39e276689 | 2024-11-05 | 
| f5eb2f3ae6c3ece3e00dc68c5e8743de7e9f1117 | 2024-11-05 | 
| 94d6dfba9d81c00ff03ad61a0005e93a974a03f7 | 2024-11-12 | 
Enterprise Docker images are kept in a private registry that requires authorization. An authorization key is provided for each
customer separately. The next steps assume that the key is stored in keyfile.json.
Docker
To authenticate to the Docker registry, run the following commands. They use the eu registry host; for the us registry, substitute us-docker.pkg.dev and the us image path listed above.
```shell
gcloud auth activate-service-account --key-file=keyfile.json
gcloud auth configure-docker europe-docker.pkg.dev
```
To run the Ory Hydra Enterprise build, set the DSN environment variable to the database connection string and provide a configuration file.
Before deploying the service, apply the SQL migrations:
```shell
docker run -e DSN=cockroach://... europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel -- migrate sql -e -f /path/to/config.yaml
```
Now you can start the service:
```shell
docker run -e DSN=cockroach://... europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel -- serve all -f /path/to/config.yaml
```
Kubernetes
Set up the Ory Helm repository:
```shell
helm repo add ory https://k8s.ory.sh/helm/charts
helm repo update
```
Create the ory namespace:
```shell
kubectl create namespace ory
```
Use the following command to create a Kubernetes secret containing the image registry credentials:
```shell
kubectl create secret docker-registry ory-oel-gcr-secret \
  --docker-server=europe-docker.pkg.dev \
  --docker-username=_json_key \
  --docker-password="$(cat keyfile.json)" \
  --namespace ory
```
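Create a Kubernetes secret containing the DSN and Hydra secret values:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: ory-oel-hydra-secret
  namespace: ory
# stringData accepts plaintext values; under data, every value would have to be base64-encoded.
stringData:
  dsn: cockroach://
  # Fill in the two values below; see
  # https://www.ory.sh/docs/hydra/reference/configuration
  secretsCookie:
  secretsSystem:
```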
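One way to produce that Secret with freshly generated values instead of hand-edited ones. This is an added example, not part of the Ory documentation or tooling; the function names, the `HYDRA_DSN` variable and the sample DSN are assumptions, while the Secret name, namespace and keys are the ones used above.

```shell
#!/bin/sh
# Added example, not Ory's tooling. Function names and HYDRA_DSN are hypothetical;
# the Secret name, namespace and keys are the ones used in the manifest above.

# gen_secret: 32 bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# render_hydra_secret DSN: print the Secret manifest on stdout.
# Values go under stringData, which takes plaintext; the API server stores
# them base64-encoded under data.
render_hydra_secret() {
  dsn=$1
  nl='
'
  # Reject an empty DSN and characters that would break out of the quoted YAML scalar.
  case $dsn in
    ''|*'"'*|*\\*|*"$nl"*)
      echo "render_hydra_secret: empty or unsafe DSN" >&2
      return 1 ;;
  esac
  cookie=$(gen_secret)
  system=$(gen_secret)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ory-oel-hydra-secret
  namespace: ory
type: Opaque
stringData:
  dsn: "$dsn"
  secretsCookie: "$cookie"
  secretsSystem: "$system"
EOF
}

# Typical use, keeping the generated values out of files on disk
# (kubectl create refuses to overwrite an existing Secret):
#   render_hydra_secret "$HYDRA_DSN" | kubectl create -f -
if [ -n "${HYDRA_DSN:-}" ]; then
  render_hydra_secret "$HYDRA_DSN"
fi
```

Each call generates new values, so render the manifest once per environment and keep the result in your secret store; replacing secretsSystem on a running deployment changes the key Hydra uses for data it has already stored.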
Create a values.yaml file to customize the configuration:
```yaml
image:
  repository: europe-docker.pkg.dev/ory-artifacts/ory-enterprise/hydra-oel
  tag: <replace-with-current-image-tag>
imagePullSecrets:
  - name: ory-oel-gcr-secret
maester:
  enabled: false
hydra:
  automigration:
    enabled: true
serviceMonitor:
  enabled: true
secret:
  enabled: false
  nameOverride: "ory-oel-hydra-secret"
config:
  # --hydra config--
  # https://www.ory.sh/docs/hydra/reference/configuration
```
Install Ory Hydra:
```shell
helm install ory-oel-hydra ory/hydra --namespace ory --create-namespace -f values.yaml
```