diff --git a/.env.sample b/.env.sample
index af98d230..6b98db23 100644
--- a/.env.sample
+++ b/.env.sample
@@ -146,6 +146,8 @@ HYDRA_PUBLIC_URL=${OATHKEEPER_PUBLIC_URL}/oidc
 # HYDRA_LOGIN_URL=https://sso.hmac.kr/login
 # HYDRA_CONSENT_URL=https://sso.hmac.kr/consent
 # HYDRA_ERROR_URL=https://sso.hmac.kr/error
+# Refresh Token 만료시각 source of truth (Hydra + backend ID Token rt_expires_at claim)
+HYDRA_REFRESH_TOKEN_TTL=720h
 # Kratos allowed_return_urls 확장 목록 (콤마 구분, 선택)
 # 기본값은 KRATOS_UI_URL, USERFRONT_URL, 각 callback URL을 자동 포함합니다.
@@ -183,4 +185,3 @@ VITE_ORGCHART_URL=
 # promtail에서 로그를 전송받을 Loki 서버 엔드포인트 URL
 LOKI_URL=http://loki:3100/loki/api/v1/push
-
diff --git a/.gitea/workflows/production_release.yml b/.gitea/workflows/production_release.yml
index 9c51ad89..5b9cd194 100644
--- a/.gitea/workflows/production_release.yml
+++ b/.gitea/workflows/production_release.yml
@@ -124,6 +124,7 @@ jobs:
 "ORGFRONT_URL=${{ vars.ORGFRONT_URL }}" \
 "BACKEND_URL=${{ vars.PROD_BACKEND_URL }}" \
 "VITE_OIDC_AUTHORITY=${{ vars.VITE_OIDC_AUTHORITY }}" \
+ "HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}" \
 "ADMINFRONT_CALLBACK_URLS=${{ vars.ADMINFRONT_CALLBACK_URLS }}" \
 "DEVFRONT_CALLBACK_URLS=${{ vars.DEVFRONT_CALLBACK_URLS }}" \
 "ORGFRONT_CALLBACK_URLS=${{ vars.ORGFRONT_CALLBACK_URLS }}" \
@@ -135,7 +136,7 @@ jobs:
 DB_USER DB_PASSWORD DB_NAME COOKIE_SECRET JWT_SECRET REDIS_ADDR NAVER_CLOUD_ACCESS_KEY NAVER_CLOUD_SECRET_KEY NAVER_CLOUD_SERVICE_ID NAVER_SENDER_PHONE_NUMBER AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SES_SENDER
- USERFRONT_URL ADMINFRONT_URL DEVFRONT_URL ORGFRONT_URL BACKEND_URL VITE_OIDC_AUTHORITY
+ USERFRONT_URL ADMINFRONT_URL DEVFRONT_URL ORGFRONT_URL BACKEND_URL VITE_OIDC_AUTHORITY HYDRA_REFRESH_TOKEN_TTL
 ADMINFRONT_CALLBACK_URLS DEVFRONT_CALLBACK_URLS ORGFRONT_CALLBACK_URLS
 "
 for key in ${required_dotenv_keys}; do
diff --git a/.gitea/workflows/staging_code_pull.yml b/.gitea/workflows/staging_code_pull.yml
index 6b971386..4690cdc1 100644
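Review bot: The new comment on `HYDRA_REFRESH_TOKEN_TTL` declares this value the "source of truth" for both Hydra and the backend's `rt_expires_at` ID-token claim, but nothing in the diff wires the backend to it, and a claim computed from config can silently disagree with what Hydra actually issues — Hydra supports per-client lifespan overrides (the admin `lifespans` endpoint) on top of the global `ttl.refresh_token`, so any client with an override would carry a wrong `rt_expires_at`. If the backend derives the claim as issue-time plus this duration, introspecting the refresh token and using its `exp` would be the authoritative source instead. At minimum the comment should state the format and the coupling, e.g. `# Go duration (e.g. 720h). Must equal Hydra's effective ttl.refresh_token for every client, or the backend's rt_expires_at claim will be wrong.` The surrounding .env.sample text is outside the hunk, so whether a format hint already exists elsewhere is not visible here.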
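Review bot: `"HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}"` expands to an empty assignment when the repository variable has not been created yet, and whether the `required_dotenv_keys` loop rejects an empty value cannot be seen here because the loop body starts outside the hunk. An empty value is then handled two different ways downstream: `render_ory_config.sh` falls back to 720h for Hydra, while the backend, which the .env.sample comment says also reads this key for `rt_expires_at`, presumably receives the empty string — exactly the drift the variable was introduced to prevent. Either supply the same default at the point of rendering, `"HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL || '720h' }}"` (if the runner's expression evaluator supports the `||` fallback as GitHub's does), or make sure the required-keys check fails on empty values, not just on absent keys, and say so in a comment next to the list.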
--- a/.gitea/workflows/staging_code_pull.yml
+++ b/.gitea/workflows/staging_code_pull.yml
@@ -116,6 +116,7 @@ jobs:
 KRATOS_UI_URL=${{ vars.KRATOS_UI_URL }}
 HYDRA_ADMIN_URL=${{ vars.HYDRA_ADMIN_URL }}
 HYDRA_PUBLIC_URL=${{ vars.HYDRA_PUBLIC_URL }}
+ HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}
 JWKS_URL=${{ vars.JWKS_URL }}
 OATHKEEPER_VERSION=${{ vars.OATHKEEPER_VERSION }}
 OATHKEEPER_UID=${{ vars.OATHKEEPER_UID }}
diff --git a/.gitea/workflows/staging_release.yml b/.gitea/workflows/staging_release.yml
index d15d1338..37c853b5 100644
--- a/.gitea/workflows/staging_release.yml
+++ b/.gitea/workflows/staging_release.yml
@@ -124,6 +124,7 @@ jobs:
 KRATOS_UI_URL=${{ vars.KRATOS_UI_URL }}
 HYDRA_ADMIN_URL=${{ vars.HYDRA_ADMIN_URL }}
 HYDRA_PUBLIC_URL=${{ vars.HYDRA_PUBLIC_URL }}
+ HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}
 JWKS_URL=${{ vars.JWKS_URL }}
 OATHKEEPER_VERSION=${{ vars.OATHKEEPER_VERSION }}
 OATHKEEPER_UID=${{ vars.OATHKEEPER_UID }}
@@ -158,7 +159,7 @@ jobs:
 USERFRONT_URL ORGFRONT_URL BACKEND_PUBLIC_URL BACKEND_URL OATHKEEPER_PUBLIC_URL ORY_POSTGRES_TAG ORY_POSTGRES_USER ORY_POSTGRES_PASSWORD ORY_POSTGRES_DB KRATOS_DB HYDRA_DB KETO_DB KRATOS_VERSION KRATOS_UI_NODE_VERSION HYDRA_VERSION KETO_VERSION ORY_SDK_URL KRATOS_PUBLIC_URL
- KRATOS_ADMIN_URL KRATOS_BROWSER_URL KRATOS_UI_URL HYDRA_ADMIN_URL HYDRA_PUBLIC_URL JWKS_URL
+ KRATOS_ADMIN_URL KRATOS_BROWSER_URL KRATOS_UI_URL HYDRA_ADMIN_URL HYDRA_PUBLIC_URL HYDRA_REFRESH_TOKEN_TTL JWKS_URL
 OATHKEEPER_VERSION OATHKEEPER_UID OATHKEEPER_GID OATHKEEPER_HEALTH_URL OATHKEEPER_HEALTH_INTERVAL_SECONDS OATHKEEPER_HEALTH_TIMEOUT_SECONDS OATHKEEPER_HEALTH_ENABLED CSRF_COOKIE_NAME CSRF_COOKIE_SECRET VITE_OIDC_AUTHORITY ADMINFRONT_CALLBACK_URLS DEVFRONT_CALLBACK_URLS ORGFRONT_CALLBACK_URLS
diff --git a/docker/ory/hydra/hydra.yml.template b/docker/ory/hydra/hydra.yml.template
index 811eec27..03595dfc 100644
--- a/docker/ory/hydra/hydra.yml.template
+++ b/docker/ory/hydra/hydra.yml.template 
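Review bot: Unlike the production and staging_release workflows, this file shows no required-keys list in the diff, so `HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL }}` silently writes an empty entry into the staging .env whenever the repository variable is missing. `render_ory_config.sh` will then substitute 720h for Hydra, but any other consumer of the key (the .env.sample comment names the backend's `rt_expires_at` claim) gets an empty string, and staging will not reproduce the production configuration. Consider `HYDRA_REFRESH_TOKEN_TTL=${{ vars.HYDRA_REFRESH_TOKEN_TTL || '720h' }}` if the runner's expression evaluator supports the `||` fallback, or add the key to whatever validation this workflow applies to the other Hydra variables, which is outside the hunk if it exists.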
@@ -96,3 +96,4 @@ oidc:
 ttl:
 access_token: 15m
 id_token: 15m
+ refresh_token: ${HYDRA_REFRESH_TOKEN_TTL}
diff --git a/scripts/render_ory_config.sh b/scripts/render_ory_config.sh
index 52f9e823..97cc96aa 100755
--- a/scripts/render_ory_config.sh
+++ b/scripts/render_ory_config.sh
@@ -183,10 +183,11 @@ KRATOS_DSN="${KRATOS_DSN:-postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWOR
 HYDRA_DSN="${HYDRA_DSN:-postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB}?sslmode=disable&max_conns=20}"
 KETO_DSN="${KETO_DSN:-postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KETO_DB}?sslmode=disable&max_conns=20}"
 HYDRA_SYSTEM_SECRET="${HYDRA_SYSTEM_SECRET:-${SECRETS_SYSTEM:-${ORY_POSTGRES_PASSWORD}}}"
+HYDRA_REFRESH_TOKEN_TTL="${HYDRA_REFRESH_TOKEN_TTL:-720h}"
 OATHKEEPER_INTROSPECT_CLIENT_ID="${OATHKEEPER_INTROSPECT_CLIENT_ID:-oathkeeper-introspect}"
 OATHKEEPER_INTROSPECT_CLIENT_SECRET="${OATHKEEPER_INTROSPECT_CLIENT_SECRET:-oathkeeper-secret}"
-export KRATOS_DSN HYDRA_DSN KETO_DSN HYDRA_SYSTEM_SECRET
+export KRATOS_DSN HYDRA_DSN KETO_DSN HYDRA_SYSTEM_SECRET HYDRA_REFRESH_TOKEN_TTL
 export OATHKEEPER_INTROSPECT_CLIENT_ID OATHKEEPER_INTROSPECT_CLIENT_SECRET
 resolve_kratos_session_cookie_domain
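Review bot: `refresh_token: ${HYDRA_REFRESH_TOKEN_TTL}` is added with no comment on what the value actually bounds, and the semantics matter for whoever tunes it: on every successful refresh-token grant Hydra revokes the used token (apart from any configured rotation grace period) and issues a new one with a full TTL, so 720h caps the inactivity between refreshes, not the total age of the session — a client that refreshes at least monthly keeps a session alive indefinitely. Hydra also accepts `-1` for this key to disable expiry altogether, which the template cannot prevent by itself. I would add above the new line: `# Idle lifetime of each issued refresh token (Go duration). Rotation re-issues with a full TTL, so this bounds inactivity, not absolute session age; never -1.` If an absolute session bound is a requirement, it has to be enforced on the login/consent side, not through this key.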
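Review bot: `HYDRA_REFRESH_TOKEN_TTL="${HYDRA_REFRESH_TOKEN_TTL:-720h}"` defaults the value but never validates it, and the template hunk interpolates it unquoted into `ttl.refresh_token`, where Hydra expects a Go duration: a typo such as `30d` or a bare `720` only surfaces as a Hydra startup failure, while `-1` is accepted by Hydra as "never expire", turning a deployment mistake into non-expiring refresh tokens. Since this script already centralises the Hydra/Kratos defaults, the cheapest place to catch both is right after the assignment; the check below rejects anything that is not a positive Go duration and aborts the render naming the variable (the echo/exit style should match how the rest of the script reports fatal configuration errors, which is outside the hunk). Note also that this `720h` and the one in .env.sample are two independent literals that can drift; if one of them is meant to be canonical, have the script fail when the variable is unset rather than defaulting.
```shell
HYDRA_REFRESH_TOKEN_TTL="${HYDRA_REFRESH_TOKEN_TTL:-720h}"
# Hydra parses ttl.refresh_token as a Go duration ("720h", "90m"); anything else
# fails at Hydra startup, and "-1" would disable expiry entirely, so reject both here.
if ! printf '%s' "${HYDRA_REFRESH_TOKEN_TTL}" | grep -Eq '^([0-9]+(\.[0-9]+)?(ns|us|ms|s|m|h))+$'; then
  echo "render_ory_config: HYDRA_REFRESH_TOKEN_TTL must be a positive Go duration such as 720h (got '${HYDRA_REFRESH_TOKEN_TTL}')" >&2
  exit 1
fi
# … unchanged: OATHKEEPER_INTROSPECT_* defaults and the export lines …
```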