This post is a technical guide on how to connect a database to a W3C verifiable credential issuance workflow with the Trinsic SDK.
Many existing companies who build IDtech products look for a way to get user data from a database into a verifiable credential format. Since we’re still early in verifiable credential adoption, tactics like issuing credentials from a database are great for kickstarting an ecosystem and giving users valuable credentials.
We’ll outline six steps below (including relevant JavaScript code snippets) for how you can export data from a database and issue it to a user as a verifiable credential.
6 Steps for Issuing Verifiable Credentials From a Database
- Identify your data source
- Create a credential template in the Trinsic dashboard
- Set up the Trinsic SDK
- Query the data from the database
- Transform the data into a JSON that maps to the credential template
- Issue and send credentials to the user wallets
Identify Your Data Source
In this scenario, imagine you have a small group who have signed up for an event, and you’d like to issue them a verifiable credential to use as their event ticket. We have a very simple database with five users, each with four attributes that looks something like what is shown below. You’ll need to be able to query this database.
Create a Credential Template
In the Trinsic Dashboard, you can create a simple template that includes:
- Name
- Age
- Allergies
Make sure the credential template fields map to the information that is in your database. Once your credential template is created, you’ll need to refer to the templateId
in a future step.
Set Up the Trinsic SDK
Call the Trinsic service so you can seamlessly sign and issue credentials once you’ve exported and formatted the data. In this scenario, you will be using the issuer auth token.
import { TrinsicService } from "@trinsic/trinsic";
async function main() {
// Construct a TrinsicService and configure it with the auth token for your issuer wallet
const trinsic = new TrinsicService();
trinsic.setAuthToken("[ISSUER AUTH TOKEN]");
Query the Data From the SQLite Database
You’ll write a short script that queries your database. In our example we’re using a SQLite database and have written some JavaScript shown below:
// Load the database for this example.
// In this example, we're using SQLite -- your use case will look different depending on your data source.
const db = await open({
filename: './data/attendees.db',
driver: sqlite3.Database
});
// Fetch the data from the database
const attendees = await db.all("SELECT email, name, age, allergies FROM attendees");
Transform the Data Into a JSON That Maps to the Credential Template
Then we loop over each row of user information, storing each property in credentialValues
that corresponds with the credential template we previously defined. In the next step this JSON blob will be signed and become a verifiable credential.
for (const attendee of attendees) {
// Prepare the JSON to issue the credential
// The key names here must match the key names used when creating the template
const credentialValues = {
name: attendee.name,
age: attendee.age,
email: attendee.email,
allergies: attendee.allergies
};
Issue and Send Credentials to the User Wallets
Once credentialValues
is set, we call issueFromTemplate
, referencing the templateId
. This call returns a signed credential.
// Issue the credential -- this returns a signed credential, but does not store it in a wallet yet
const issuedCredential = await trinsic.credential().issueFromTemplate({
templateId: templateId, // Use your template ID here
valuesJson: JSON.stringify(credentialValues)
});
The signed credential can now be sent to a user’s wallet. Even if a user doesn’t have an existing wallet, you can send it to their email, allowing them to access a credential without needing to download a new app or create a new username and password.
// Store the credential in the attendee's wallet; this will create it if it does not exist.
await trinsic.credential().send({
email: attendee.email,
documentJson: issuedCredential.documentJson
Conclusion
As you can imagine, there are many edge cases that may complicate this process. In future walkthroughs we could explore issuing credentials from a CSV file, or issuing credentials to identifiers other than emails, or any other situations that you would find valuable. Let us know by emailing or writing in Slack.
For the full code snippet for this scenario, here’s the GitHub link.