Overview

The issuer API is designed to be stateless and does not store cryptographic key material, so every API call must supply the key to use. When signing and issuing a credential, e.g. via OID4VC, the request needs either the complete key in JWK format or a reference to a key stored in an external KMS solution. In production systems, the recommended approach is to use an external KMS solution, so that the private key used to sign a credential never leaves a secure environment.
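One way to enforce the production recommendation is to scan outgoing issuance requests for inline private JWK material before they leave the caller. The following is an added example, not code from the issuer API or its project; the request field names (`issuerKey`, `keyId`, `credentialData`) and the sample bodies are assumptions constructed for illustration, while the private-member names are the ones defined for JWKs in RFC 7518 and RFC 8037.

```python
import json

# Private-key members per JWK key type (RFC 7518 for EC/RSA/oct, RFC 8037 for OKP).
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "OKP": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "oct": {"k"},
}

def find_inline_private_jwks(node, path="$"):
    """Return (json_path, kty, private_members) for each JWK that carries private material."""
    hits = []
    if isinstance(node, dict):
        kty = node.get("kty")
        if isinstance(kty, str):
            leaked = sorted(PRIVATE_MEMBERS.get(kty, set()).intersection(node))
            if leaked:
                hits.append((path, kty, leaked))
        for key, value in node.items():
            hits.extend(find_inline_private_jwks(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_inline_private_jwks(value, f"{path}[{i}]"))
    elif isinstance(node, str) and node.lstrip().startswith("{"):
        # A JWK may be embedded as a JSON-encoded string; parse it and scan again.
        try:
            hits.extend(find_inline_private_jwks(json.loads(node), path + "<json>"))
        except ValueError:
            pass
    return hits

def production_safe(body):
    """True when the request body contains no inline private key material."""
    return not find_inline_private_jwks(body)

# Constructed sample bodies: hypothetical field names, placeholder key values.
INLINE_REQUEST = {
    "issuerKey": {"type": "jwk", "jwk": {"kty": "OKP", "crv": "Ed25519",
                                          "x": "PLACEHOLDER_PUBLIC", "d": "PLACEHOLDER_PRIVATE"}},
    "credentialData": {"type": ["VerifiableCredential"]},
}
KMS_REQUEST = {
    "issuerKey": {"type": "kms-reference", "keyId": "example-key-id"},
    "credentialData": {"type": ["VerifiableCredential"]},
}

if __name__ == "__main__":
    for name, body in (("inline", INLINE_REQUEST), ("kms", KMS_REQUEST)):
        print(name, "ok" if production_safe(body) else find_inline_private_jwks(body))
```

Run as a pre-flight check in the calling service or CI, this flags the inline-JWK form and passes requests that only reference a KMS-held key.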

Supported KMS Solutions

Get Started

  • HashiCorp Vault - Use keys from HashiCorp Vault to sign credentials
  • AWS KMS - Use keys from AWS KMS to sign credentials