vta-sdk
SDK for Verifiable Trust Agents operating in Verifiable Trust Communities. Part of the First Person Network project.
Overview
vta-sdk provides the types, HTTP/DIDComm client, session management, and
protocol constants needed to interact with a VTA service:
- Types -- shared data models for keys, contexts, ACL entries, sessions, and audit records.
- HTTP client -- typed REST client for all VTA endpoints (requires
clientfeature). - DIDComm -- DIDComm v2 message construction and secrets resolution
(requires
didcommfeature). - Session management -- credential import, challenge-response auth, and
automatic token refresh (requires
sessionfeature). - Integration module -- unified startup pattern for services that manage
their DID and keys through a VTA (requires
integrationfeature).
Feature Flags
| Feature | Default | Description |
|---|---|---|
client |
No | VTA HTTP client (reqwest-based) with lightweight auth |
didcomm |
No | DIDComm v2 message support |
session |
No | Full session management (implies client + didcomm) |
integration |
No | Service startup module with offline resilience (implies client + session) |
keyring |
No | OS keyring session storage |
config-session |
No | File-based session storage |
azure-secrets |
No | Azure Key Vault secrets resolver |
Usage
Add to your Cargo.toml:
[]
# Types only (no network)
= "0.5"
# Full client with session management
= { = "0.5", = ["session", "keyring"] }
# Service integration with offline resilience
= { = "0.5", = ["integration"] }
Quick Start: Service Integration
The integration module provides a one-call startup pattern for services
that delegate key management to a VTA:
use ;
// 1. Implement SecretCache for your storage backend
;
// 2. Configure and start
let config = VtaServiceConfig ;
let result = startup.await?;
// result.did — your service's DID
// result.bundle — private keys for DIDComm/signing
// result.source — SecretSource::Vta or SecretSource::Cache
// result.client — Some(VtaClient) when VTA is reachable
See the Integration Guide for the full walkthrough.
Quick Start: Direct Client
use *;
// Authenticate with a credential bundle
let client = from_credential.await?;
// Create a key
let key = client.create_key.await?;
// Sign a payload
let sig = client.sign.await?;
License
Apache-2.0