Skip to main content

IAM

Codename: J.A.R.V.I.S. — The Butler. "Welcome home, sir." Handles identity and authentication.

Security and identity management services for the A.R.C. Framework.

Overview

Security services provide authentication, authorization, and identity management capabilities. Note: These are swappable - alternative implementations can be used based on your needs.

Categories

Identity

Authentication and user management

  • Active: Kratos
  • Alternatives: Keycloak, Auth0, AWS Cognito
  • Status: ✅ Active

Identity

Authentication and user identity management.

Overview

Identity services provide user authentication, registration, and profile management.

Active Implementation

Ory Kratos

Status: ✅ Active Type: Cloud-native identity server

  • Self-service flows (login, registration, recovery)
  • Multi-factor authentication
  • Session management
  • API-first design

Ory Kratos Configuration

This directory contains the configuration files for Ory Kratos, an open-source identity and user management system.

Files

  • kratos.yml - Main Kratos configuration file
  • identity.schema.json - Identity schema defining user traits (email, name)

Configuration Overview

The current setup includes:

  • Email/password authentication
  • Self-service flows (login, registration, recovery, verification)
  • PostgreSQL database integration (configured via DSN environment variable)
  • Debug logging enabled

Important Security Notes

⚠️ WARNING: This configuration is for DEVELOPMENT ONLY!

The following settings MUST be changed for production:

  1. Secrets in kratos.yml:

    secrets:
      cookie:
        - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE # Change this!
      cipher:
        - 32-LONG-SECRET-NOT-SECURE-AT-ALL # Change this!

  2. Database: Currently uses PostgreSQL via environment variable DSN

  3. SMTP/Email: Configure a real SMTP server for production

Database Migrations

Before running Kratos, you need to run database migrations:

# Using docker-compose
docker-compose -f docker-compose.yml -f docker-compose.stack.yml run --rm kratos migrate sql -e --yes

# Or using Make
make migrate-kratos

Testing Kratos

After starting the services:

References

Alternatives

  • Keycloak - Full-featured, enterprise
  • Auth0 - SaaS, developer-friendly
  • AWS Cognito - Cloud-native (AWS)
  • Supabase Auth - Open-source, simple
  • Custom Auth - Build your own