vta-sdk 0.19.1

SDK for Verifiable Trust Agents operating in Verifiable Trust Communities
Documentation

vta-sdk

SDK for Verifiable Trust Agents operating in Verifiable Trust Communities. Part of the First Person Network project.

Overview

vta-sdk provides the types, HTTP/DIDComm client, session management, and protocol constants needed to interact with a VTA service:

  • Types -- shared data models for keys, contexts, ACL entries, sessions, and audit records.
  • HTTP client -- typed REST client for all VTA endpoints (requires client feature).
  • DIDComm -- DIDComm v2 message construction and secrets resolution (requires didcomm feature).
  • Session management -- credential import, challenge-response auth, and automatic token refresh (requires session feature).
  • Integration module -- unified startup pattern for services that manage their DID and keys through a VTA (requires integration feature).

Feature Flags

Feature Default Description
client No VTA HTTP client (reqwest-based) with lightweight auth
didcomm No DIDComm v2 message support
session No Full session management (implies client + didcomm)
integration No Service startup module with offline resilience (implies client + session)
keyring No OS keyring session storage
config-session No File-based session storage
azure-secrets No Azure Key Vault secrets resolver

Usage

Add to your Cargo.toml:

[dependencies]
# Types only (no network)
vta-sdk = "0.5"

# Full client with session management
vta-sdk = { version = "0.5", features = ["session", "keyring"] }

# Service integration with offline resilience
vta-sdk = { version = "0.5", features = ["integration"] }

Quick Start: Service Integration

The integration module provides a one-call startup pattern for services that delegate key management to a VTA:

use vta_sdk::integration::{startup, VtaServiceConfig, SecretCache};

// 1. Implement SecretCache for your storage backend
struct MyCache;
impl SecretCache for MyCache {
    async fn store(&self, bundle: &DidSecretsBundle) -> Result<(), Box<dyn Error>> { /* ... */ }
    async fn load(&self) -> Result<Option<DidSecretsBundle>, Box<dyn Error>> { /* ... */ }
}

// 2. Configure and start
let config = VtaServiceConfig {
    credential: std::fs::read_to_string("credential.b64")?,
    context: "my-service".into(),
    url_override: None,
};

let result = startup(&config, &MyCache).await?;
// result.did      — your service's DID
// result.bundle   — private keys for DIDComm/signing
// result.source   — SecretSource::Vta or SecretSource::Cache
// result.client   — Some(VtaClient) when VTA is reachable

See the Integration Guide for the full walkthrough.

Quick Start: Direct Client

use vta_sdk::prelude::*;

// Authenticate with a credential bundle
let client = VtaClient::from_credential(&credential_b64, None).await?;

// Create a key
let key = client.create_key(
    CreateKeyRequest::new(KeyType::Ed25519)
        .label("signing-key")
        .context("my-app")
).await?;

// Sign a payload
let sig = client.sign(&key.key_id, b"hello", "EdDSA").await?;

License

Apache-2.0