@@ -10,65 +10,95 @@ to our [Kubernetes Helm Chart Repository](https://k8s.ory.sh/helm) for Charts an
1010
1111## Data storage and persistence
1212
13- All Ory projects support storing data in memory and in relational databases such as PostgreSQL, MySQL, SQLite and CockroachDB.
13+ All Ory projects support storing data in memory and in relational databases:
1414
15- ### In-memory (ephemeral)
15+ - PostgreSQL is recommended as the default database.
16+ - MySQL is supported, some flavors like MariaDB and AWS Aurora may require additional work.
17+ - CockroachDB is supported.
18+ - SQLite is supported (in-memory and persistent) but must not be used for a production service.
1619
17- Storing data in-memory helps you get started quickly without worrying about setting up a database first. Keep in mind that all
18- data is ephemeral and will be removed when the service is killed.
19-
20- Using in-memory storage is usually achieved by setting configuration key ` dsn ` to ` memory ` .
21-
22- ### SQL (persistent)
23-
24- All Ory projects support PostgreSQL, MySQL, SQLite and CockroachDB as first-class citizens.
25-
26- ##### SQLite
27-
28- If configuration key ` dsn ` (Data Source Name) is prefixed with ` sqlite:// ` , then SQLite will be used as storage backend.
29-
30- An exemplary configuration would look like this: ` DSN=sqlite:///tmp/some-db.sqlite?_fk=true `
20+ ### PostgreSQL
3121
32- The following DSN parameters are required:
33-
34- - ` _fk ` (bool): Must be set to ` true ` (` ?_fk=true ` ) for foreign keys to work.
22+ If configuration key ` dsn ` (Data Source Name) is prefixed with ` postgres:// ` , then PostgreSQL will be used as storage backend. An
23+ exemplary configuration would look like this:
3524
36- For a list of all supported query parameters, head over to
37- [ github.com/mattn/go-sqlite3] ( https://github.com/mattn/go-sqlite3#connection-string ) .
25+ ```
26+ DSN=postgres://user:password@host:123/database
27+ ```
3828
39- ##### PostgreSQL
29+ Parameters are configured by appending them to the DSN query. For example, to set the ` sslmode ` parameter, you would append it to
30+ the DSN query like this:
4031
41- If configuration key ` dsn ` (Data Source Name) is prefixed with ` postgres:// ` , then PostgreSQL will be used as storage backend. An
42- exemplary configuration would look like this: ` DSN=postgres://user:password@host:123/database `
32+ ```
33+ postgres://user:password@host:123/database?sslmode=verify-full
34+ ```
4335
44- All parameters [ supported by ` libpq ` ] ( https://www.postgresql.org/docs/9.6/libpq-connect.html ) are supported by Ory Kratos as well.
45- In particular:
36+ #### Supported parameters
4637
47- - ` max_conns ` (number): Sets the maximum number of open connections to the database. Defaults to the number of CPU cores times 2.
48- - ` max_idle_conns ` (number): Sets the maximum number of connections in the idle. Defaults to the number of CPU cores.
49- - ` max_conn_lifetime ` (duration): Sets the maximum amount of time ("ms", "s", "m", "h") a connection may be reused.
50- - ` max_conn_idle_time ` (duration): Sets the maximum amount of time ("ms", "s", "m", "h") a connection can be kept alive.
51- - ` sslmode ` (string): Whether or not to use SSL (default is require)
38+ - ` sslmode ` (string): Whether or not to use SSL (default is ` require ` )
5239 - ` disable ` - No SSL
5340 - ` require ` - Always SSL (skip verification)
5441 - ` verify-ca ` - Always SSL (verify that the certificate presented by the ` server ` was signed by a trusted CA)
5542 - ` verify-full ` - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server
5643 host name matches the one in the certificate)
44+ - ` application_name ` (string): An initial value for the application_name session variable.
5745- ` fallback_application_name ` (string): An application_name to fall back to if one isn't provided.
58- - ` connect_timeout ` (number): Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
5946- ` search_path ` (string): specifies the [ search path] ( https://www.postgresql.org/docs/12/ddl-schemas.html ) , such as the schema.
6047- ` sslcert ` (string): Cert file location. The file must contain PEM encoded data.
6148- ` sslkey ` (string): Key file location. The file must contain PEM encoded data.
6249- ` sslrootcert ` (string): The location of the root certificate file. The file must contain PEM encoded data.
6350
64- To set such a parameter, append it to the DSN query, for example: ` postgres://user:password@host:123/database?sslmode=verify-full `
51+ ##### Standard pooling
52+
53+ - ` max_idle_conns ` (number): Sets the maximum number of connections in the idle. Defaults to the number of CPU cores.
54+ - ` max_conns ` (number): Sets the maximum number of open connections to the database. Defaults to the number of CPU cores times 2.
55+ - ` max_idle_conns ` (number): Sets the maximum number of connections in the idle. Defaults to the number of CPU cores.
56+ - ` max_conn_lifetime ` (duration): Sets the maximum amount of time ("ms", "s", "m", "h") a connection may be reused.
57+ - ` max_conn_idle_time ` (duration): Sets the maximum amount of time ("ms", "s", "m", "h") a connection can be kept alive.
58+ - ` connect_timeout ` (number): Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
59+
60+ ##### High-performance pooling
61+
62+ High-performance pooling is built using [ pgxpool] ( https://pkg.go.dev/github.com/jackc/pgx/v5/pgxpool ) and provides additional
63+ configuration options to the ones listed under "Standard pooling".
6564
66- ##### MySQL
65+ Using pool configuration overrides standard pool options. It is recommended to set both ` pool_ ` and not ` pool_ ` prefixed values to
66+ ensure that the standard pool options are set as well (` postgres://...?max_conns=4&pool_max_conns=4 ` ).
67+
68+ - ` pool_max_conns ` (number): Sets the maximum number of open connections to the database. Defaults to the number of CPU cores
69+ times 2. Overrides ` max_conns ` .
70+ - ` pool_max_conn_lifetime ` (duration): Sets the maximum amount of time ("ms", "s", "m", "h") a connection may be reused. Overrides
71+ ` max_conn_lifetime ` .
72+ - ` pool_max_conn_idle_time ` (duration): Sets the maximum amount of time ("ms", "s", "m", "h") a connection can be kept alive.
73+ Overrides ` max_conn_idle_time ` .
74+ - ` pool_min_conns ` (number): The minimum size of the pool. After connection closes, the pool might dip below MinConns. A low
75+ number of MinConns might mean the pool is empty after MaxConnLifetime until the health check has a chance to create new
76+ connections. Defaults to 0.
77+ - ` pool_health_check_period ` (duration): Sets the period for health checks to potentially kill stale
78+ connections.` Defaults to 1 minute. `
79+ - ` pool_max_conn_lifetime_jitter ` (duration): Sets the maximum amount of time ("ms", "s", "m", "h") a connection may be reused.
80+ This is a random value that is added to the ` pool_max_conn_lifetime ` value. This is useful to avoid thundering herd problems
81+ when many connections are closed at the same time.
82+
83+ ### CockroachDB
84+
85+ If configuration key ` dsn ` (Data Source Name) is prefixed with ` cockroach:// ` , then CockroachDB will be used as storage backend.
86+ CockroachDB supports the same parameters as PostgreSQL.
87+
88+ An exemplary configuration would look like this:
89+
90+ ```
91+ DSN=cockroach://user:password@host:123/database?sslmode=verify-full&...
92+ ```
93+
94+ ### MySQL
6795
6896If configuration key ` dsn ` (Data Source Name) is prefixed with ` mysql:// ` , then MySQL will be used as storage backend. An
6997exemplary configuration would look like this: ` DSN=mysql://user:password@tcp(host:123)/database?parseTime=true `
7098
71- Additionally, the following DSN parameters are supported:
99+ #### Supported parameters
100+
101+ The following DSN parameters are supported:
72102
73103- ` max_conns ` (number): Sets the maximum number of open connections to the database. Defaults to the number of CPU cores times 2.
74104- ` max_idle_conns ` (number): Sets the maximum number of connections in the idle. Defaults to the number of CPU cores.
@@ -93,9 +123,12 @@ Additionally, the following DSN parameters are supported:
93123 as "30s", "0.5m" or "1m30s".
94124
95125To set such a parameter, append it to the DSN query, for example:
96- ` mysql://user:password@tcp(host:123)/database?parseTime=true&writeTimeout=123s `
97126
98- ###### AWS Aurora / MySQL 8.0+ not completing migrations
127+ ```
128+ DSN=mysql://user:password@tcp(host:123)/database?parseTime=true&writeTimeout=123s
129+ ```
130+
131+ #### AWS Aurora / MySQL 8.0+ not completing migrations
99132
100133If you encounter errors such as
101134
@@ -110,23 +143,23 @@ See also:
110143- https://github.com/ory/hydra/issues/3363
111144- https://github.com/ory/kratos/issues/2167
112145
113- ##### CockroachDB
146+ ### SQLite
114147
115- If configuration key ` dsn ` (Data Source Name) is prefixed with ` cockroach ://` , then CockroachDB will be used as storage backend.
116- An exemplary configuration would look like this: ` DSN=cockroach://user:password@host:123/database `
148+ If configuration key ` dsn ` (Data Source Name) is prefixed with ` sqlite ://` , then SQLite will be used as storage backend. SQLite is
149+ a great choice for development but has many drawbacks and should not be used in production.
117150
118- Additionally, the following DSN parameters are supported:
151+ An exemplary configuration would look like this: ` DSN=sqlite:///tmp/some-db.sqlite?_fk=true `
119152
120- - ` sslmode ` (string): Whether or not to use SSL (default is require)
121- - ` disable ` - No SSL
122- - ` require ` - Always SSL (skip verification)
123- - ` verify-ca ` - Always SSL (verify that the certificate presented by the ` server ` was signed by a trusted CA)
124- - ` verify-full ` - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server
125- host name matches the one in the certificate)
126- - ` application_name ` (string): An initial value for the application_name session variable.
127- - ` sslcert ` (string): Cert file location. The file must contain PEM encoded data.
128- - ` sslkey ` (string): Key file location. The file must contain PEM encoded data.
129- - ` sslrootcert ` (string): The location of the root certificate file. The file must contain PEM encoded data.
153+ The following DSN parameters are required:
130154
131- To set such a parameter, append it to the DSN query, for example:
132- ` cockroach://user:password@host:123/database?sslmode=verify-full `
155+ - ` _fk ` (bool): Must be set to ` true ` (` ?_fk=true ` ) for foreign keys to work.
156+
157+ For a list of all supported query parameters, head over to
158+ [ github.com/mattn/go-sqlite3] ( https://github.com/mattn/go-sqlite3#connection-string ) .
159+
160+ #### SQLite in-memory (ephemeral)
161+
162+ Storing data in-memory helps you get started quickly without worrying about setting up a database first. Keep in mind that all
163+ data is ephemeral and will be removed when the service is killed.
164+
165+ Using in-memory storage is usually achieved by setting configuration key ` DSN=memory ` .
0 commit comments