diff --git a/deployment/roles/hydra_database/tasks/main.yml b/deployment/roles/hydra_database/tasks/main.yml
index c5bc6d3..7e3a86b 100644
--- a/deployment/roles/hydra_database/tasks/main.yml
+++ b/deployment/roles/hydra_database/tasks/main.yml
@@ -22,8 +22,16 @@
 - name: Grant permissions on Hydra database to Hydra database user
   community.postgresql.postgresql_privs:
     database: "{{ hydra_db_name }}"
-    state: present
-    privs: CREATE,CONNECT
+    privs: CONNECT
     type: database
     role: "{{ hydra_db_user }}"
   become_user: postgres
+
+- name: Grant permissions on public schema of Hydra database to Hydra database user
+  community.postgresql.postgresql_privs:
+    database: "{{ hydra_db_name }}"
+    objs: public
+    privs: CREATE,USAGE
+    type: schema
+    role: "{{ hydra_db_user }}"
+  become_user: postgres
diff --git a/deployment/roles/hydra_server/defaults/main.yml b/deployment/roles/hydra_server/defaults/main.yml
index a1c1c9f..8cae35e 100644
--- a/deployment/roles/hydra_server/defaults/main.yml
+++ b/deployment/roles/hydra_server/defaults/main.yml
@@ -5,7 +5,7 @@ hydra_os_group: hydra
 hydra_os_user: hydra
 hydra_home: /srv/hydra
 
-hydra_version: "1.11.9"
-hydra_checksum: "0e38096a45ae411f70b95beaad69a5335a16cf34c4963724beef3ebce37c283c"
+hydra_version: "2.1.2"
+hydra_checksum: "acab44b1f5324e001fcfecaa7115a5c3a07156e3e0d3840d8ed12deca4db6490"
 
-use_mkcert: false
+use_mkcert: true
diff --git a/deployment/roles/hydra_server/tasks/main.yml b/deployment/roles/hydra_server/tasks/main.yml
index ad1d1df..a6b2945 100644
--- a/deployment/roles/hydra_server/tasks/main.yml
+++ b/deployment/roles/hydra_server/tasks/main.yml
@@ -13,7 +13,6 @@
     state: present
     system: true
 
-
 - name: Create Hydra directories
   ansible.builtin.file:
     path: "{{hydra_home }}/{{ item.path }}"
@@ -26,7 +25,6 @@
     - { path: bin, mode: '0750' }
     - { path: download, mode: '0750' }
 
-
 - name: Download Hydra binary
   ansible.builtin.get_url:
     url: "https://github.com/ory/hydra/releases/download/v{{ hydra_version }}/hydra_{{ hydra_version }}-linux_64bit.tar.gz"
diff --git a/deployment/roles/hydra_server/templates/hydra.yml.j2 b/deployment/roles/hydra_server/templates/hydra.yml.j2
index 98c6dbc..f5ea8d4 100644
--- a/deployment/roles/hydra_server/templates/hydra.yml.j2
+++ b/deployment/roles/hydra_server/templates/hydra.yml.j2
@@ -3,14 +3,22 @@ serve:
   admin:
     host: {{ oidc_urls.hydra_admin.address | default("localhost") }}
     port: {{ oidc_urls.hydra_admin.port | default("4445") }}
+    tls:
+      enabled: true
+      cert:
+        path: {{ hydra_tls.cert }}
+      key:
+        path: {{ hydra_tls.key }}
   public:
     host: {{ oidc_urls.hydra_public.address | default(ansible_default_ipv4.address) }}
     port: {{ oidc_urls.hydra_public.port | default("4444") }}
-  tls:
-    cert:
-      path: {{ hydra_tls.cert }}
-    key:
-      path: {{ hydra_tls.key }}
+    tls:
+      enabled: true
+      cert:
+        path: {{ hydra_tls.cert }}
+      key:
+        path: {{ hydra_tls.key }}
+
 dsn: 'postgres://{{ hydra_db_user }}:{{ hydra_db_password }}@{{ hydra_db_host }}:{{ hydra_db_port }}/{{ hydra_db_name }}'
 
 webfinger:
@@ -18,14 +26,7 @@ webfinger:
     supported_claims:
       - email
       - email_verified
-      - given_name
-      - family_name
-      - middle_name
       - name
-      - birthdate
-      - zoneinfo
-      - locale
-      - https://auth.cacert.org/groups
     supported_scope:
       - profile
       - email
diff --git a/hydra_config b/hydra_config
index 4d3f908..6aa5d1d 160000
--- a/hydra_config
+++ b/hydra_config
@@ -1 +1 @@
-Subproject commit 4d3f908958b100eb901ce9f849a6fdd613aece06
+Subproject commit 6aa5d1de0411ce93deb67d91ed841ec1ef658bc3