DID Setup
A Decentralized Identifier (DID) is required before your organization can issue any credentials. The DID is your organization's cryptographic identity — it holds the key pair used to sign credentials.
Creating Your DID
- Go to your Dashboard
- Find the Organization Info card at the bottom
- Click Create DID
- Wait for confirmation — this takes a few seconds
That's it. DPP Kit handles the rest:
- Generates a cryptographic key pair (Ed25519)
- Creates a
did:webidentifier based on your org slug - Publishes the DID Document so verifiers can find your public key
- Stores the private key securely in VCKit
Your DID Format
Your DID follows the did:web method:
did:web:app.dppkit.io:org:your-org-slug
The corresponding DID Document is served at:
https://app.dppkit.io/org/your-org-slug/did.json
After DID Creation
Once your DID is created:
- The organization card shows your DID string
- You can now issue credentials
- The onboarding checklist marks "Create a DID" as complete
info
Each organization has its own DID and key pair. DPP Kit never shares cryptographic identity across organizations, even in development.
Key Rotation
If you need to rotate your organization's signing key (e.g., due to a security concern):
- Go to Toolkit > Organization
- Click Rotate DID Key
- A new key pair is generated and the DID Document is updated
Previously issued credentials remain valid — they were signed with the old key, which is still listed in the DID Document's key history.