whatisgithub

What is kratos?

ory/kratos — explained in plain English

Analysis updated 2026-06-24

13,639GoAudience · developerComplexity · 4/5Setup · hard

In one sentence

Ory Kratos is an open-source identity management system that handles user registration, login, password recovery, multi-factor authentication, and social sign-in so you don't have to build any of it yourself.

Mindmap

mindmap
  root((kratos))
    What It Does
      User registration
      Login and sessions
      MFA support
      Password recovery
    Auth Methods
      Passwords
      Social sign-in
      Passkeys and TOTP
      Magic links
    Deployment
      Self-hosted
      Ory Network managed
      Kubernetes support
    Integrations
      Ory Hydra OAuth2
      PostgreSQL MySQL
      Custom frontends
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Add user registration, login, and password recovery to your web app without building any authentication logic yourself.

USE CASE 2

Enable social sign-in via Google or GitHub and multi-factor authentication (TOTP, passkeys) for your users.

USE CASE 3

Run a self-hosted identity provider on Kubernetes connected to your existing PostgreSQL or MySQL database.

USE CASE 4

Replace a custom login system with a headless identity service your own frontend UI controls the look of.

What is it built with?

GoPostgreSQLMySQLKubernetesOAuth2OpenID Connect

How does it compare?

ory/kratosprojectdiscovery/subfindercasdoor/casdoor
Stars13,63913,61713,604
LanguageGoGoGo
Setup difficultyhardeasymoderate
Complexity4/52/54/5
Audiencedeveloperops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires a running PostgreSQL or MySQL database and a server or Kubernetes cluster to deploy the service.

Free to self-host as open source, enterprise features like SAML and SCIM require a paid commercial license.

So what is it?

Ory Kratos is an open-source system for managing user accounts and identity, written in Go. Its purpose is to handle everything related to who a user is and how they log in, so that application developers do not have to build those pieces themselves. It covers user registration, login, password recovery, email verification, multi-factor authentication, and profile management, all exposed through HTTP APIs. The core idea is that instead of each application reinventing its own login system, Kratos acts as a shared service that handles identity. Your own application's frontend handles what the login page looks like, but the logic behind it (checking credentials, issuing sessions, locking accounts) comes from Kratos. This makes Kratos what the README calls "headless," meaning it has no built-in user interface of its own. It supports a range of authentication methods: passwords, passkeys, biometric login, social sign-in through providers like Google or GitHub, SMS codes, TOTP (time-based one-time passwords), SAML, and magic links. For organizations that need single sign-on across multiple apps, Kratos can be paired with Ory Hydra, another project from the same team that handles the OAuth2 and OpenID Connect protocol layer. You can run Kratos in two ways. The first is self-hosted, where you install it on your own server or Kubernetes cluster and connect it to a database like PostgreSQL or MySQL. The second is as a managed service through the Ory Network, where Ory runs the infrastructure for you. The open-source version is free to self-host. Enterprise features like SAML, SCIM, and SLA-backed support require a commercial license. The README reports that the Ory stack processes over seven billion API requests per day across thousands of companies, and the Ory community has more than 50,000 members.

Copy-paste prompts

Prompt 1
I'm building a web app and want to add user login using Ory Kratos. How do I set it up with PostgreSQL and build a custom login page that calls the Kratos API?
Prompt 2
Help me configure Ory Kratos to support Google and GitHub social sign-in alongside email and password login.
Prompt 3
I want to enable TOTP two-factor authentication in Ory Kratos. Walk me through the configuration steps.
Prompt 4
How do I deploy Ory Kratos on Kubernetes with a PostgreSQL backend and connect it to my existing frontend application?
Prompt 5
What is the difference between Ory Kratos and Ory Hydra, and when do I need both for single sign-on?

Frequently asked questions

What is kratos?

Ory Kratos is an open-source identity management system that handles user registration, login, password recovery, multi-factor authentication, and social sign-in so you don't have to build any of it yourself.

What language is kratos written in?

Mainly Go. The stack also includes Go, PostgreSQL, MySQL.

What license does kratos use?

Free to self-host as open source, enterprise features like SAML and SCIM require a paid commercial license.

How hard is kratos to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is kratos for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.