0xPolygonID · 0xpulkit · Jul 9, 2025 · Nov 20, 2024 · Jan 14, 2025 · Jan 26, 2025
diff --git a/docs/issuer/display-method.md b/docs/issuer/display-method.md
@@ -1,84 +1,134 @@
 ---
 id: display-method
-title: Display method
-sidebar_label: Display method
-description: Display method
+title: "Creating Custom Display Methods: Enhance Credential Presentation and Branding"
+sidebar_label: "Custom Display Methods"
+description: "Learn how to create and manage custom display methods in the Privado Issuer Node to enhance the visual presentation of verifiable credentials, maintain consistent branding, and build user trust."
 keywords:
   - docs
-  - polygon id
+  - privado id
   - issuer node
-  - claim
   - verifiable credentials
   - credential customization
+  - display methods
+  - digital credentials
+  - branding
+  - ipfs
+  - layout
+  - metadata
+  - credential design
+  - digital identity
 ---
 
-import useBaseUrl from '@docusaurus/useBaseUrl';
-
-## Description
-
-To improve credential usage, a client needs to be able to customize the presentation of credentials in user wallets. A standard must be established that will guide the wallet in displaying credential cards. This will improve the user experience and allow issuers to present their own special presentation for credentials.
-
-This tutorial will show you how to create a custom credential representation in a mobile wallet.
-
-## Credential representation configuration
-
-Restrictions:
-
-1. `backgroundImageUrl` and `logo` only support .png and .jpeg formats.
-2. Maximum length for `title` is 60 characters.
-3. Maximum length for `description` is 120 characters.
-
-To configure the credential representation on the PolygonID wallet, follow the steps below:
-
-1. Upload a background and logo for the credential card to IPFS or an HTTP(s) host.
-1. Create a file named metadata.json with the following content:
-   ```json
-   {
-     "title": "KYC Country of Residence",
-     "description": "Know Your Customer Verification",
-     "issuerName": "PolygonID Issuer",
-     "titleTextColor": "#f2743a",
-     "descriptionTextColor": "#f2743a",
-     "issuerTextColor": "#f2743a",
-     "backgroundImageUrl": "ipfs://QmecKDMotkM8a6vxw35CB7iHfToBJnzJrPcmA3gHit9jt9",
-     "logo": {
-       "uri": "ipfs://QmWkSgmHbKRfhndWqHwVgfVpZSrWNiWZMTHb6k5KxY8ySc",
-       "alt": "Logo PolygonID Issuer"
-     }
-   }
-   ```
-   <div align="center">
-       <img src= {useBaseUrl("img/custom-credential-description.png")} align="center" />
-   </div>
-1. Upload the metadata.json file to IPFS or an HTTPS(s) host.
-1. Use the API to issue a verifiable credential with information about the display method. You can do this using the issuer-node API:
-   ```bash
-   POST https://<ISSUER_NODE_ADDRESS>/v1/<ISSUER_DID>/claims
-   ```
-   Body:
-   ```json
-   {
-     "credentialSchema": "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json/KYCAgeCredential-v3.json",
-     "type": "KYCAgeCredential",
-     "credentialSubject": {
-       "id": "<USER_DID>",
-       "birthday": 19960424,
-       "documentType": 2
-     },
-     "expiration": 1735689600,
-     "displayMethod": {
-       "id": "<IPFS_LINK_OR_HTTP_URL_TO_METADATA_FILE>",
-       "type": "Iden3BasicDisplayMethodV1"
-     }
-   }
-   ```
-1. Fetch the credential using the PolygonID mobile wallet:
-<div align="center">
-    <img src= {useBaseUrl("img/custom-credential.png")} align="center" />
-</div>
-
-Please note that you should replace placeholders like `<ISSUER_NODE_ADDRESS>`, `<ISSUER_DID>`, `<USER_DID>`, `<IPFS_LINK_OR_HTTP_URL_TO_METADATA_FILE>` with actual values as needed for your configuration.
+
+# Custom Display Methods
+
+**What are Custom Display Methods?**  
+They define how a credential is presented to its holder. For instance, a university may issue digital diplomas in a specific layout (with the university’s logo, official colors, etc.) that is visually appealing. A Custom Display Method ensures consistency and brand adherence across all issued credentials.
+
+---
+
+## Example Use Case
+
+**Scenario**: A company wants to issue secure digital certificates as Verifiable Credentials for its employees' achievements or training. Instead of generic text-based credentials, they want a branded, visually appealing credential that includes:
+
+- Company logo  
+- Employee photo  
+- Distinct color scheme  
+- Signature of the HR manager  
+
+By creating a Custom Display Method and referencing it during credential issuance, they ensure each certificate is displayed exactly as intended, maintaining brand identity and professionalism.
+
+---
+
+## Building a Display Method
+
+### Step 1: Fill Out Metadata
+1. Open the [Display Method Builder](https://display-method-dev.privado.id/).
+2. Enter all required metadata fields (name, description, type, etc.) as guided by the [Display Method Documentation](https://docs.privado.id/docs/issuer/display-method/).
+3. Make sure to follow any restrictions or formatting requirements.
+
+![Display Method Builder](../../static/img/display_methods/1.png)
+
+### Step 2: Publish to IPFS
+1. After filling out the metadata, click on “**Publish to IPFS**”.
+2. The Builder will bundle and publish your Display Method JSON to IPFS.
+
+### Step 3: Obtain the IPFS Link
+1. Wait for the publishing response.
+2. Copy the IPFS link provided (e.g., `ipfs://...` or `https://ipfs.io/ipfs/...`).
+3. This link uniquely references your Display Method and will be used in the Issuer Node.
+
+![Obtain the IPFS Link](../../static/img/display_methods/2.png)
+---
+
+## Usage of a Display Method in Issuer Node
+
+### Adding the Display Method to the Issuer Node
+1. In your Issuer Node, navigate to the **Display Method** section (go to `/display-methods/create` or click **Create a Display Method**).
+2. Fill out the form:
+   - Provide a **unique name** for the Display Method (e.g., `KYC Age Display Method` or `Employee Achievement Method`).
+
+   - Paste the **IPFS URL** from the previous step into the `URL` field.
+
+   ![Adding the Display Method to the Issuer Node](../../static/img/display_methods/3.png)
+
+3. Save your changes. The Display Method is now registered with your Issuer Node.
+
+### Using a Display Method When Issuing Credentials
+1. In the **Issue Credential** flow, enable the **Display Method** checkbox.
+2. Select your newly created method from the dropdown list.
+3. Once you issue the credential, it will reference your custom Display Method.
+
+![Using a Display Method When Issuing Credentials](../../static/img/display_methods/4.png)
+
+### Setting a Default Display Method for a Schema
+1. On the **Schema Details** page in the Issuer Node, find the **Display Method** selector.
+2. Choose a default method for that schema.
+3. Any credential issued under this schema will automatically use the default Display Method (unless manually overridden).
+
+![Setting a Default Display Method for a Schema](../../static/img/display_methods/5.png)
+
+---
+
+## Editing or Deleting a Display Method
+To edit or delete a Display Method, go to:
+- The detail page of the Display Method, or
+- The list of all Display Methods.
+
+Locate the **edit** or **delete** icons to make changes accordingly.
+
+![Editing or Deleting a Display Method](../../static/img/display_methods/6.png)
+
+---
+
+## API References
+
+Below is a summary of the relevant API endpoints to manage Display Methods and schemas:
+
+### New APIs Added in the Issuer Node
+- [**Create Custom Display Method**](https://issuer-node-core-api-testing.privado.id/#post-/v2/identities/-identifier-/display-method) 
+- [**Delete Display Method**](https://issuer-node-core-api-testing.privado.id/#delete-/v2/identities/-identifier-/display-method/-id-)
+- [**Get All Display Methods**](https://issuer-node-core-api-testing.privado.id/#get-/v2/identities/-identifier-/display-method)
+- [**Get Display Method**](https://issuer-node-core-api-testing.privado.id/#get-/v2/identities/-identifier-/display-method/-id-)
+- [**Update Display Method**](https://issuer-node-core-api-testing.privado.id/#patch-/v2/identities/-identifier-/display-method/-id-)
+- [**Update Schema**](https://issuer-node-core-api-testing.privado.id/#patch-/v2/identities/-identifier-/schemas/-id-)
+
+### Updated APIs in the Issuer Node
+- [**Get Schemas**](https://issuer-node-core-api-testing.privado.id/#get-/v2/identities/-identifier-/schemas) 
+  - Now returns a `displayMethodID` in the schema response.
+- [**Get Schema**](https://issuer-node-core-api-testing.privado.id/#get-/v2/identities/-identifier-/schemas/-id-)
+  - Now returns a `displayMethodID` in the schema response.
+
+---
 
 ## Links
 
-1. [Display method](https://iden3-communication.io/w3c/display-method/overview)
+1. [Display Method Info](https://iden3-communication.io/w3c/display-method/overview)
+2. [Display Method Builder](https://display-method-dev.privado.id/)
+
+
+
+## Conclusion
+
+With these steps, you can create, manage, and apply custom Display Methods to credentials in the Privado Issuer Node. By leveraging custom layouts, organizations, and institutions can ensure consistent branding and meaningful designs for their verifiable credentials. This not only adds professionalism but also improves the user’s trust and recognition of your issued credentials.
+
diff --git a/docs/issuer/issuer-configuration.md b/docs/issuer/issuer-configuration.md
@@ -95,7 +95,88 @@ then:
 * OnChain - `Iden3commRevocationStatusV1.0` and `Iden3OnchainSparseMerkleTreeProof2023` credential status type
 * All - All the statuses.
 
+## KMS Configuration
 
+Credentials issued by the issuer node are signed using a private key tied to the identity responsible for issuing them. Each identity can have one or more BabyJubJub (BJJ) type private keys. Additionally, the issuer node supports creating Ethereum-controlled identities, where both a BJJ key and an Ethereum (ETH) key are associated with the identity.
+
+#### Identity Types and State Transitions
+- BJJ-Based Identity:
+  - A BJJ type key is generated for the identity to sign credentials and generate zk-proofs for state transitions.
+  - A shared ETH type key (imported during setup) is used to publish zk-proofs on-chain.
+
+- ETH-Based Identity:
+  - Both a BJJ type key and an ETH type key are generated for the identity.
+  - The BJJ type key is used to signs the credentials.
+  - Only the ETH type key is involved in state transition.
+
+The issuer node integrates with various key management solutions to create, sign, and store these keys securely. Depending on your setup, here’s an overview of the available options:
+
+| **KMS Service**       | **Supported Key Types** | **Purpose**                              | **Recommended For**      |
+|------------------------|-------------------------|------------------------------------------|--------------------------|
+| HashiCorp Vault        | BJJ, ETH               | Secure key creation and storage          | Production               |
+| AWS Secrets Manager    | BJJ, ETH               | Secure key storage                       | Production               |
+| AWS KMS                | ETH (only)             | Secure ETH key creation and signing      | Production (ETH only)    |
+| Localstorage           | BJJ, ETH               | Local storage for testing                | Testing Only             |
+
+
+### HashiCorp Vault
+The issuer node integrates with HashiCorp Vault, delegating the creation, signing, and secure storage of both BJJ and ETH keys via a Vault plugin. To configure the issuer node to use Vault as a Key Management Service (KMS), update the .env-issuer file as follows:
+
+```bash
+ISSUER_KMS_BJJ_PROVIDER=vault
+ISSUER_KMS_ETH_PROVIDER=vault
+
+ISSUER_VAULT_USERPASS_AUTH_ENABLED=true
+ISSUER_VAULT_USERPASS_AUTH_PASSWORD=<your-vault-issuernode-password>
+ISSUER_KEY_STORE_ADDRESS=<your-vault-url>
+```
+For detailed steps to configure the Vault plugin, refer to the Docker-based setup in the following repository: [HashiCorp Vault Setup](https://github.com/0xPolygonID/issuer-node/blob/main/infrastructure/local/.vault/scripts/init.sh).
+
+### AWS Secrets Manager
+In this configuration, the issuer node handles the creation of private keys, which are securely stored in AWS Secrets Manager.
+
+Update the .env-issuer file as follows:
+
+```bash
+ISSUER_KMS_BJJ_PROVIDER=aws-sm
+ISSUER_KMS_ETH_PROVIDER=aws-sm
+
+ISSUER_KMS_AWS_ACCESS_KEY=<your-aws-access-key>
+ISSUER_KMS_AWS_SECRET_KEY=<your-aws-secret-key>
+ISSUER_KMS_AWS_REGION=<your-aws-region>
+```
+:::note
+ Ensure the credentials you use have the necessary permissions to access AWS Secrets Manager.
+:::
+Learn more about AWS Secrets Manager here: [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/.)
+
+### AWS KMS Service (Only for ETH Keys)
+Alternatively, AWS KMS can be used exclusively for managing and signing ETH keys, delegating their creation and secure storage to the AWS KMS service.
+
+To configure this setup, update the .env-issuer file as follows:
+
+```bash
+ISSUER_KMS_BJJ_PROVIDER=<localstorage | vault | aws-sm>
+ISSUER_KMS_ETH_PROVIDER=aws-kms
+
+ISSUER_KMS_AWS_ACCESS_KEY=<your-aws-access-key>
+ISSUER_KMS_AWS_SECRET_KEY=<your-aws-secret-key>
+ISSUER_KMS_AWS_REGION=<your-aws-region>
+```
+:::note
+Ensure your credentials have the necessary permissions for AWS KMS.
+:::
+Learn more about AWS KMS service: [AWS KMS](https://aws.amazon.com/kms/?nc1=h_ls)
+
+### Localstorage (For Testing Only)
+For testing purposes, both BJJ and ETH keys can be stored locally as flat files. This option is not recommended for production environments due to its lack of security.
+
+To enable this setup, update the .env-issuer file as follows:
+
+```bash
+ISSUER_KMS_BJJ_PROVIDER=localstorage
+ISSUER_KMS_ETH_PROVIDER=localstorage
+```