ory
Config values are loaded from the environment by Kratos/Keto/Hydra can cause validation errors
Preflight checklist
- [x] I could not find a solution in the existing issues, docs, nor discussions.
- [x] I agree to follow this project's Code of Conduct.
- [x] I have read and am following this repository's Contribution Guidelines.
- [x] I have joined the Ory Community Slack.
- [x] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
Validation errors because some configs are incorrectly loaded.
Reproducing the bug
SECRETS=foo ory help
Relevant log output
The configuration contains values or keys which are invalid:
secrets: <nil>
^-- expected object, but got null
FATA[2025-03-03T09:54:37Z] Unable to load config. audience=application error=map[message:I[#/secrets] S[#/properties/secrets/type] expected object, but got null] service_name= service_version=
Version
1.1.0
Additional Context
Workaround:
unset SECRETS # if possible
env -u SECRETS ory help
Thanks @zepatrik &B @jonas-jonas for helping me fix this (in my local dev env) so quickly.
This was indeed my problem. I had used $SECRETS as an env var in my dotfiles .zshrc for storing various bits and bobs I use locally. Not sure if I just didn't read the friendly manual properly (so sorry if I missed this) but it could be useful if the necessary env vars for ory to use were communicated somewhere!
Also -- some cool aliases I ended up adding to my .zshrc for this to fix all my terminal sessions (if useful for anyone coming across this in future who has a sprawling mess of various terminal sessions open)
# Function to run a command in all tmux panes
if command -v tmux &> /dev/null && [ -n "$TMUX" ]; then
function tmux-all() {
tmux list-panes -a -F "#{session_name}:#{window_index}.#{pane_index}" |
while read pane; do
tmux send-keys -t "$pane" "$*" Enter
done
}
echo "tmux-all function is available"
else
function tmux-all() {
echo "Error: tmux is not running or not installed"
return 1
}
fi
- To use this alias to run chained commands you need to enclose shell commands in chains
tmux-all "echo $SECRETS; unset SECRETS; echo $SECRETS"
Kratos/Hydra/Keto load these env vars for the config, and we import them for some of the sub-commands. However, I think in the CLI context they should just not load any env vars, and therefore I'd consider this a bug.