Credential Repository Setup

Set up a repository with credential definitions that the registry can discover and publish automatically.

Overview

The registry discovers credentials directly from your repository — no GitHub Action or separate build step is needed. You author credential definitions in your repo, and the registry's build pipeline clones your repo, detects credentials, and publishes them.

Quick Start

  1. Create a credential Markdown file (see Markdown Format): 
    ---
vct: https://credentials.example.com/identity
---

# Identity Credential

A national identity credential.

## Claims

- `given_name` (string): Given name of the holder [mandatory]
- `family_name` (string): Family name of the holder [mandatory]
- `birth_date` (string): Date of birth in ISO 8601 [mandatory]
  2. Add a schema-meta.yaml for TS11 compliance: 
    # identity.schema-meta.yaml
attestationLoS: high
bindingType: key
rulebookURI: https://example.com/rulebook
  3. Tag your repo with the vctm topic on GitHub (or request addition to sources.yaml)
  4. Done. The registry discovers your repo and publishes the credentials within 6 hours

Credential File Formats

The registry supports two approaches for providing credentials:

Markdown (Recommended)

Write credential definitions in Markdown with vct: YAML front matter. The registry automatically converts them to all supported metadata formats (SD-JWT VC, mDOC, W3C VC) using the embedded mtcvctm library.

See the Markdown Format Reference for the full specification.

Pre-built JSON

If you already have credential metadata JSON files, place them directly in your repository:

  • .vctm.json — SD-JWT VC Type Metadata
  • .mdoc.json — mso_mdoc (ISO 18013-5) configuration
  • .vc.json — W3C Verifiable Credentials Data Model 2.0

Example Repository Layout

my-credentials/
├── README.md
├── identity.md                  # Markdown credential definition
├── identity.schema-meta.yaml    # TS11 metadata
├── diploma.md                   # Another credential
├── diploma.schema-meta.yaml
└── license/
    ├── driving-license.vctm.json    # Pre-built JSON
    ├── driving-license.mdoc.json
    └── driving-license.schema-meta.yaml

TS11 Schema Metadata

The schema-meta.yaml file declares TS11 properties for a credential. The filename prefix should match the credential file:

FieldRequiredDescription
attestation_losYesLevel of security: iso_18045_high, iso_18045_moderate, iso_18045_enhanced-basic, iso_18045_basic
binding_typeYesBinding mechanism: key, biometric, claim, none
rulebook_uriNoURI to the attestation policy rulebook
trusted_authoritiesNoList of trusted authority references

Migrating from mtcvctm GitHub Action

If your repository previously used the mtcvctm GitHub Action to build and publish VCTM files, you can migrate to the new registry-cli workflow. The registry now discovers credentials directly from your repository — no build step or GitHub Action is required.

What changed

Old (mtcvctm Action)New (registry-cli)
GitHub Action runs on every push No Action needed — registry discovers your repo
Publishes to a separate vctm branch Credentials live on your default branch
Generates .vctm.json files only Generates .vctm.json, .mdoc.json, .vc.json
No TS11 compliance metadata Full TS11 support via schema-meta.yaml
Legacy vctm-registry.json index TS11 /api/v1/schemas.json + attributes API

Step-by-step migration

  1. Remove the GitHub Action workflow. Delete .github/workflows/publish-vctm.yml (or whatever your mtcvctm workflow file is called).
  2. Keep your Markdown credential files. The .md files with vct: front matter work identically with registry-cli. No changes needed.
  3. Delete the vctm branch (optional). The generated JSON files on this branch are no longer consumed. 
    git push origin --delete vctm
  4. Add schema-meta.yaml files for TS11 compliance. For each credential, create a matching YAML file: 
    # identity.schema-meta.yaml
attestation_los: iso_18045_high    # Required
binding_type: key                  # Required