Migrate configs from env

note

You can skip this page if your Logto version is greater than or equal to v1.0.0-beta.11.

Managing too many environment variables are not efficient and flexible, and it’s hard to keep a single source of truth when you have multiple containers running.

So we decided to move all possible technical configs to the database, including OIDC-related keys.

To make it smooth, make sure you have an original .env file, or run the command in an environment that has the following variables:

OIDC_PRIVATE_KEYS=some_secret_key # Or OIDC_PRIVATE_KEY_PATHS
OIDC_COOKIE_KEYS=key1,key2
DB_URL=postgresql://localhost:5432/logto

Then run the command below:

CLI

logto db seed oidc
# Or
logto db seed oidc --env /your/path/to/.env

npx

npx @logto/cli db seed oidc
# Or
npx @logto/cli db seed oidc --env /your/path/to/.env

If everything goes well, you will see the message like:

[info] Read config oidc.privateKeys from env
[info] Read config oidc.cookieKeys from env
[info] Generated config oidc.refreshTokenReuseInterval
[info] ✔ Seed OIDC config

From now on, you can safely remove OIDC_PRIVATE_KEYS and OIDC_COOKIE_KEYS from the environment variables. Remember to restart your Logto instance to get the changes reflected.