mdoc Issuance via OID4VCI with Cloud KMS

This flow covers a portal initiating an mdoc credential offer, the wallet claiming it via OID4VCI, and the Issuer API delegating signing to an external Cloud KMS (TSE/Vault).

Components involved:

  • Portal Application — initiates the credential offer and displays the QR code
  • Wallet (Holder) — scans the QR code, completes the OID4VCI flow, stores the credential
  • Issuer API — manages the issuance session and orchestrates signing
  • Cloud KMS (TSE/Vault) — holds the issuer private key and performs signing
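
The first two steps of this flow (the portal encoding the offer into the QR code, and the wallet checking it before contacting the Issuer API), as an added example that is not the project's own code. It assumes the OID4VCI pre-authorized code grant and a hypothetical issuer allow-list in the wallet; the issuer URL, configuration id and code value are constructed.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Grant type identifier defined by OID4VCI; that this flow uses it is an assumption.
PRE_AUTH = "urn:ietf:params:oauth:grant-type:pre-authorized_code"

def build_offer_uri(issuer, config_id, code):
    """Portal side: the URI that gets rendered as the QR code."""
    offer = {
        "credential_issuer": issuer,
        "credential_configuration_ids": [config_id],
        "grants": {PRE_AUTH: {"pre-authorized_code": code}},
    }
    return "openid-credential-offer://?" + urlencode(
        {"credential_offer": json.dumps(offer, separators=(",", ":"))})

def parse_offer_uri(uri, trusted_issuers):
    """Wallet side: validate a scanned offer before any network call."""
    parts = urlsplit(uri)
    if parts.scheme != "openid-credential-offer":
        raise ValueError("unexpected URI scheme")
    values = parse_qs(parts.query).get("credential_offer", [])
    if len(values) != 1:
        raise ValueError("expected exactly one credential_offer parameter")
    offer = json.loads(values[0])  # JSONDecodeError is a ValueError
    if not isinstance(offer, dict):
        raise ValueError("credential_offer must be a JSON object")
    issuer = offer.get("credential_issuer")
    if not isinstance(issuer, str):
        raise ValueError("missing credential_issuer")
    u = urlsplit(issuer)
    if u.scheme != "https" or not u.hostname or u.query or u.fragment:
        raise ValueError("credential_issuer must be https, no query or fragment")
    if issuer not in trusted_issuers:  # hypothetical wallet policy
        raise ValueError("issuer is not on the wallet's allow-list")
    ids = offer.get("credential_configuration_ids")
    if not isinstance(ids, list) or not ids or not all(isinstance(i, str) for i in ids):
        raise ValueError("credential_configuration_ids must be a non-empty string list")
    grants = offer.get("grants")
    grant = grants.get(PRE_AUTH) if isinstance(grants, dict) else None
    code = grant.get("pre-authorized_code") if isinstance(grant, dict) else None
    if not isinstance(code, str) or not code:
        raise ValueError("offer carries no pre-authorized code")
    return issuer, ids, code
```

The QR payload is attacker-reachable input, so the wallet rejects anything that fails these checks before it resolves issuer metadata or sends the code to a token endpoint.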

Last updated on April 16, 2026