Look into starting hydra with https using self certified tls

[zohrehj]

With the current setup we need to use --dangerous-use-http flag to enable calling hydra using http calls at cluster level and with the admin endpoint. The problem with this approach is that cookies set by hydra are not secure.

[dhanyak-btc]

@zohrehj I setup the hydra with self signed certificate, cookies set by hydra are secure. We should use https in production environment. Please refer Preparing for Production. I copied below text from hydra documentation.

If you are unable to properly set up TLS Termination, you may want to set the --dangerous-force-http flag. But please be aware that we discourage you from doing so and that you should know what you're doing.

[zohrehj]

our deployment uses ingress + google managed Certificates.
There is no tls certificate etc at Hydra level, so we run it with the flag.
That in turn causes only http requests to be served and for hydra cookies to be marked as insecure.

One alternative is to incorporate a self certified certificate into the hydra initial setup and remove the flag; but it requires more investigation and testing.

It is not a blocking issue, but we should look into it at some point.

[dhanyak-btc]

@mohangmk Please refer Hydra Configuration to configure self-signed certificate.

	-e SERVE_TLS_KEY_PATH="/home/ssl/key.pem"
	-e SERVE_TLS_CERT_PATH="/home/ssl/hydra.crt"