Skip to content

identity_schema.md

Latest commit

 

History

History
101 lines (79 loc) · 3.35 KB

identity_schema.md

File metadata and controls

101 lines (79 loc) · 3.35 KB
page_title ory_identity_schema Data Source - ory
subcategory
description Fetches a single identity schema by its ID.

ory_identity_schema (Data Source)

Fetches a single identity schema by its ID.

This data source retrieves a specific identity schema from the project, allowing you to reference existing schemas without recreating them. This is particularly useful when schemas persist after a terraform destroy (since Ory does not support deleting schemas) and you want to reuse them on the next terraform apply.

-> Plan: Available on all Ory Network plans.

~> Note: Ory may assign hash-based IDs to schemas. Use the ory_identity_schemas (plural) data source to discover available schema IDs, or use the id output from an ory_identity_schema resource.

~> Tip: Set project_id when only a workspace API key is available (e.g., during project bootstrap before project_slug and project_api_key exist). When project credentials are configured, the Kratos API is preferred automatically as it returns canonical hash-based IDs with full schema content.

Example Usage

# Look up an identity schema by its API-assigned ID
data "ory_identity_schema" "customer" {
  id = "abc123def456..."
}

output "schema_content" {
  value = data.ory_identity_schema.customer.schema
}

# Or reference the ID from a resource
resource "ory_identity_schema" "employee" {
  schema_id = "employee"
  schema = jsonencode({
    "$id"     = "https://example.com/employee.schema.json"
    "$schema" = "http://json-schema.org/draft-07/schema#"
    title     = "Employee"
    type      = "object"
    properties = {
      traits = {
        type = "object"
        properties = {
          email = {
            type   = "string"
            format = "email"
            "ory.sh/kratos" = {
              credentials  = { password = { identifier = true } }
              verification = { via = "email" }
              recovery     = { via = "email" }
            }
          }
        }
        required = ["email"]
      }
    }
  })
}

data "ory_identity_schema" "employee" {
  id = ory_identity_schema.employee.id
}

# Look up a schema during project bootstrap (no project_slug/project_api_key needed)
data "ory_identity_schema" "bootstrap" {
  id         = "preset://username"
  project_id = "your-project-uuid"
}

# Create a new project and reuse an existing workspace schema as default
resource "ory_project" "new" {
  name = "my-new-project"
}

data "ory_identity_schema" "existing" {
  id         = "670f71...full-hash-id"
  project_id = ory_project.new.id
}

resource "ory_identity_schema" "default" {
  schema_id   = "customer"
  project_id  = ory_project.new.id
  schema      = data.ory_identity_schema.existing.schema
  set_default = true
}

Schema

Required

  • id (String) The ID of the schema to look up. This is the API-assigned ID (which may be a hash) or a preset ID like 'preset://username'.

Optional

  • project_id (String) The ID of the project. If not set, uses the provider's project_id. The Kratos API is preferred when project_slug and project_api_key are configured (returns canonical hash IDs with full schema content). When only a workspace key is available, schemas are read from the project config via the console API.

Read-Only

  • schema (String) The JSON Schema definition for the identity traits.