Sphereon
Enterprise SDK
Deploy enterprise-grade Credential Issuance and Verification with Sphereon EDK.
The Sphereon EDK (Enterprise Developer Kit) is the production-ready runtime and service layer built on top of Sphereon IDK. It gives teams a supported, deployable foundation for verifiable credential issuance and verification, with the operational capabilities that typically take months to engineer: persistence, multi-tenancy, secure key management integration, policy controls, audit-ready logging, and lifecycle management.
Use EDK when you need predictable operations and security boundaries in real environments—multiple issuers/verifiers, multiple tenants, regulated data, and integrations with enterprise IAM and key infrastructure.
If you only need libraries to build and operate everything yourself, see Sphereon IDK.
Sphereon EDK
Sphereon EDK packages and operationalizes core credential flows (OID4VCI issuance and OID4VP verification) as deployable services, so you can integrate verifiable credentials into business applications without turning your team into a platform-operations team. EDK is designed to run in your environment (cloud or on-prem) and to integrate cleanly with existing IAM, API gateways, monitoring, and governance.
- Built on Sphereon IDK, with enterprise hardening and support
- Multi-tenant configuration and isolation patterns
- Persistent storage and lifecycle management for connections, sessions, and transactions
- Key management integration (KMS/HSM abstraction, external key custody where required)
- Operational controls: configuration, audit logging, observability hooks, upgrade path
- Policy and governance hooks for what can be issued, requested, and verified
- Deployment-friendly packaging (containerized services / reference deployments)
Best for: development teams building production-grade applications with strict security, key-custody, and audit/compliance requirements.
Includes: deployable runtimes, database adapters, secure key integrations, and compliance-grade logging hooks.
Technical specifications:
The Sphereon EDK supports the same standards and core credential protocols as Sphereon IDK (DIDs, Verifiable Credentials, OID4VC issuance and presentation), and adds the runtime, security, and integration layers required for enterprise production deployments.
1) Production runtimes and deployment model
- High-performance runtimes: optimized for GraalVM and Native Image deployments to enable fast startup times and lower memory footprints.
- Deployment targets: designed for microservices and serverless-style environments (e.g., Spring Boot and Ktor deployments).
2) Enterprise key integrations and key custody
- Qualified/managed signing providers: direct integrations with commercial QTSP-style signing providers (examples in Appendix B include Digidentity and DigitelTS).
- Enterprise key vault integrations: supports integrations with systems such as HashiCorp Vault and other enterprise key infrastructure as required by customer security policy.
- No key material in application code: application logic requests signing operations; private keys remain in secure external key systems.
3) Persistence and datastore adapters
- Datastore connectors: pre-built adapters for enterprise databases (SQL and NoSQL) to store credential states and DID-related data securely.
- Operational state management: persistence patterns suitable for long-running and multi-step credential workflows.
4) Security architecture and compliance controls
- Zero-trust oriented design: built to integrate with enterprise security policies and least-privilege approaches.
- Enterprise logging: hooks and patterns for audit-ready logging aligned to regulated environments.
- Policy integration: supports integration with enterprise policy controls to enforce security requirements consistently.
5) Intended usage profile
- Enterprise development teams: for teams building identity and credential applications that require strict controls over key storage and usage.
- Compliance-driven organizations: suitable where security frameworks and audits (e.g., ISO 27001, SOC 2) drive requirements around key custody, traceability, and operational governance.
- Developer control with reduced risk: teams build the business logic themselves, while EDK reduces security and operational risk through hardened runtime and integrations.