Skip to main content
Ory Kratos is available as a Docker image on Docker Hub. Docker is the recommended deployment method for development and production environments.

Official Docker images

Kratos provides several Docker image variants:

Alpine

oryd/kratos:v25.4.0 - Lightweight Alpine-based image with SQLite support

Distroless

oryd/kratos:v25.4.0-distroless - Minimal distroless image for enhanced security

Quick start with Docker Compose

The fastest way to run Kratos is using Docker Compose. Here’s the complete quickstart.yml from the Kratos repository: 
version: '3.7'

services:
  kratos-migrate:
    image: oryd/kratos:v25.4.0
    environment:
      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
    volumes:
      - type: volume
        source: kratos-sqlite
        target: /var/lib/sqlite
      - type: bind
        source: ./contrib/quickstart/kratos/email-password
        target: /etc/config/kratos
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
    restart: on-failure
    networks:
      - intranet

  kratos:
    depends_on:
      - kratos-migrate
    image: oryd/kratos:v25.4.0
    ports:
      - '4433:4433' # public API
      - '4434:4434' # admin API
    restart: unless-stopped
    environment:
      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
      - LOG_LEVEL=trace
    command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
    volumes:
      - type: volume
        source: kratos-sqlite
        target: /var/lib/sqlite
      - type: bind
        source: ./contrib/quickstart/kratos/email-password
        target: /etc/config/kratos
    networks:
      - intranet

networks:
  intranet:

volumes:
  kratos-sqlite:

Running with Docker

Run a single Kratos container: 
docker run -p 4433:4433 -p 4434:4434 \
  -e DSN="memory" \
  oryd/kratos:v25.4.0 \
  serve --dev
The --dev flag disables security features and should only be used in development.

Production deployment

For production, use a proper database and configuration file: 
docker run -p 4433:4433 -p 4434:4434 \
  -e DSN="postgres://user:pass@postgres:5432/kratos?sslmode=require" \
  -v /path/to/config:/etc/config/kratos \
  oryd/kratos:v25.4.0 \
  serve -c /etc/config/kratos/kratos.yml

Environment variables

Key environment variables for Docker deployment:
DSN
string
required
Database connection string (PostgreSQL, MySQL, CockroachDB, or SQLite)
LOG_LEVEL
string
Logging level: trace, debug, info, warn, error, fatal, panic
SERVE_PUBLIC_PORT
number
Public API port (default: 4433)
SERVE_ADMIN_PORT
number
Admin API port (default: 4434)

Docker Compose variants

The Kratos repository includes several quickstart variants: 
docker-compose -f quickstart-postgres.yml up
Uses PostgreSQL as the database backend.

Exposed ports

The Kratos Docker image exposes two ports:
  • 4433: Public API - For self-service flows (login, registration, etc.)
  • 4434: Admin API - For administrative operations (identity CRUD, sessions)

Volumes

When using SQLite, mount a volume at /var/lib/sqlite to persist data:
volumes:
  - kratos-sqlite:/var/lib/sqlite
Mount your configuration directory:
volumes:
  - ./config:/etc/config/kratos

Health checks

Add health checks to your Docker Compose: 
kratos:
  image: oryd/kratos:v25.4.0
  healthcheck:
    test: ["CMD", "kratos", "version"]
    interval: 10s
    timeout: 3s
    retries: 3
    start_period: 5s

Next steps

Database setup

Configure PostgreSQL, MySQL, or CockroachDB

Configuration

Learn about Kratos configuration options

Build docs developers (and LLMs) love

Get started for freeTalk to us