diff --git a/.changeset/two-wombats-count.md b/.changeset/two-wombats-count.md
new file mode 100644
index 00000000000..feba652227e
--- /dev/null
+++ b/.changeset/two-wombats-count.md
@@ -0,0 +1,5 @@
+---
+"@atproto/ozone": patch
+---
+
+Add in-memory did cachee
diff --git a/packages/ozone/src/config/config.ts b/packages/ozone/src/config/config.ts
index 747a7080fd2..a5eea6c5c1f 100644
--- a/packages/ozone/src/config/config.ts
+++ b/packages/ozone/src/config/config.ts
@@ -1,5 +1,6 @@
 import assert from 'node:assert'
 import { OzoneEnvironment } from './env'
+import { DAY, HOUR } from '@atproto/common'
 
 // off-config but still from env:
 // logging: LOG_LEVEL, LOG_SYSTEMS, LOG_ENABLED, LOG_DESTINATION
@@ -60,6 +61,8 @@ export const envToCfg = (env: OzoneEnvironment): OzoneConfig => {
   assert(env.didPlcUrl, 'didPlcUrl is required')
   const identityCfg: OzoneConfig['identity'] = {
     plcUrl: env.didPlcUrl,
+    cacheMaxTTL: env.didCacheMaxTTL ?? DAY,
+    cacheStaleTTL: env.didCacheStaleTTL ?? HOUR,
   }
 
   const blobDivertServiceCfg =
@@ -143,6 +146,8 @@ export type CdnConfig = {
 
 export type IdentityConfig = {
   plcUrl: string
+  cacheStaleTTL: number
+  cacheMaxTTL: number
 }
 
 export type AccessConfig = {
diff --git a/packages/ozone/src/config/env.ts b/packages/ozone/src/config/env.ts
index b521657011d..173b874e78e 100644
--- a/packages/ozone/src/config/env.ts
+++ b/packages/ozone/src/config/env.ts
@@ -21,6 +21,8 @@ export const readEnv = (): OzoneEnvironment => {
     dbPoolMaxUses: envInt('OZONE_DB_POOL_MAX_USES'),
     dbPoolIdleTimeoutMs: envInt('OZONE_DB_POOL_IDLE_TIMEOUT_MS'),
     didPlcUrl: envStr('OZONE_DID_PLC_URL'),
+    didCacheStaleTTL: envInt('OZONE_DID_CACHE_STALE_TTL'),
+    didCacheMaxTTL: envInt('OZONE_DID_CACHE_MAX_TTL'),
     cdnPaths: envList('OZONE_CDN_PATHS'),
     adminDids: envList('OZONE_ADMIN_DIDS'),
     moderatorDids: envList('OZONE_MODERATOR_DIDS'),
@@ -52,6 +54,8 @@ export type OzoneEnvironment = {
   dbPoolMaxUses?: number
   dbPoolIdleTimeoutMs?: number
   didPlcUrl?: string
+  didCacheStaleTTL?: number
+  didCacheMaxTTL?: number
   cdnPaths?: string[]
   adminDids: string[]
   moderatorDids: string[]
diff --git a/packages/ozone/src/context.ts b/packages/ozone/src/context.ts
index 120c40d6966..9ad50000f24 100644
--- a/packages/ozone/src/context.ts
+++ b/packages/ozone/src/context.ts
@@ -1,6 +1,6 @@
 import express from 'express'
 import * as plc from '@did-plc/lib'
-import { IdResolver } from '@atproto/identity'
+import { DidCache, IdResolver, MemoryCache } from '@atproto/identity'
 import { AtpAgent } from '@atproto/api'
 import { Keypair, Secp256k1Keypair } from '@atproto/crypto'
 import { createServiceAuthHeaders } from '@atproto/xrpc-server'
@@ -39,6 +39,7 @@ export type AppContextOptions = {
   blobDiverter?: BlobDiverter
   signingKey: Keypair
   signingKeyId: number
+  didCache: DidCache
   idResolver: IdResolver
   imgInvalidator?: ImageInvalidator
   backgroundQueue: BackgroundQueue
@@ -74,8 +75,13 @@ export class AppContext {
       ? new AtpAgent({ service: cfg.chat.url })
       : undefined
 
+    const didCache = new MemoryCache(
+      cfg.identity.cacheStaleTTL,
+      cfg.identity.cacheMaxTTL,
+    )
     const idResolver = new IdResolver({
       plcUrl: cfg.identity.plcUrl,
+      didCache,
     })
 
     const createAuthHeaders = (aud: string) =>
@@ -131,6 +137,7 @@ export class AppContext {
         chatAgent,
         signingKey,
         signingKeyId,
+        didCache,
         idResolver,
         backgroundQueue,
         sequencer,
@@ -198,6 +205,10 @@ export class AppContext {
     return new plc.Client(this.cfg.identity.plcUrl)
   }
 
+  get didCache(): DidCache {
+    return this.opts.didCache
+  }
+
   get idResolver(): IdResolver {
     return this.opts.idResolver
   }