Migrate configs from env
You can skip this page if your Logto version is greater than or equal to
Managing too many environment variables are not efficient and flexible, and it’s hard to keep a single source of truth when you have multiple containers running.
So we decided to move all possible technical configs to the database, including OIDC-related keys.
To make it smooth, make sure you have an original
.env file, or run the command in an environment that has the following variables:
OIDC_PRIVATE_KEYS=some_secret_key # Or OIDC_PRIVATE_KEY_PATHS
Then run the command below:
logto db seed oidc
logto db seed oidc --env /your/path/to/.env
npx @logto/cli db seed oidc
npx @logto/cli db seed oidc --env /your/path/to/.env
If everything goes well, you will see the message like:
[info] Read config oidc.privateKeys from env
[info] Read config oidc.cookieKeys from env
[info] Generated config oidc.refreshTokenReuseInterval
[info] ✔ Seed OIDC config
From now on, you can safely remove
OIDC_COOKIE_KEYS from the environment variables. Remember to restart your Logto instance to get the changes reflected.