Overview
The AnonCredsApi provides methods for working with AnonCreds, a privacy-preserving credential format that supports zero-knowledge proofs and predicates.
AnonCreds is typically used with Hyperledger Indy and supports:
- Zero-knowledge proofs
- Predicate proofs (e.g., age > 18 without revealing exact age)
- Revocation
- Multi-credential proofs
import { AnonCredsModule } from '@credo-ts/anoncreds'
import { Agent } from '@credo-ts/core'
const agent = new Agent({
// ...
modules: {
anoncreds: new AnonCredsModule({
registries: [indyVdrRegistry],
}),
},
})
// Access via modules
const api = agent.modules.anoncreds
Setup Methods
createLinkSecret()
Create a link secret (master secret) for the holder. Required before receiving credentials.
const linkSecretId = await agent.modules.anoncreds.createLinkSecret({
linkSecretId: 'my-link-secret',
setAsDefault: true,
})
console.log('Link secret created:', linkSecretId)
Optional ID for the link secret. Generated if not provided.
Whether to set as default link secret. First link secret is always default.
Promise<string> - The link secret ID
getLinkSecretIds()
Get all link secret IDs created by the agent.
const linkSecretIds = await agent.modules.anoncreds.getLinkSecretIds()
console.log('Link secrets:', linkSecretIds)
Promise<string[]>
Schema Operations
registerSchema()
Register a credential schema on the ledger.
const result = await agent.modules.anoncreds.registerSchema({
schema: {
issuerId: issuerDid,
name: 'Employee Credential',
version: '1.0',
attrNames: ['name', 'employee_id', 'department', 'hire_date'],
},
options: {},
})
if (result.schemaState.state === 'finished') {
const schemaId = result.schemaState.schemaId
console.log('Schema registered:', schemaId)
}
Schema definition:
issuerId: Issuer DIDname: Schema nameversion: Schema versionattrNames: Array of attribute names
Registry-specific options
Promise<RegisterSchemaReturn>
getSchema()
Retrieve a schema from the ledger.
const { schema, resolutionMetadata } = await agent.modules.anoncreds.getSchema(
'did:indy:sovrin:5nDyJVP1NrcPAttP3xwMB9/anoncreds/v0/SCHEMA/Employee/1.0'
)
if (schema) {
console.log('Schema:', schema.attrNames)
}
options
AnonCredsResolutionOptions
Resolution options
Promise<GetSchemaReturn>
getCreatedSchemas()
Get schemas created by this agent.
const schemas = await agent.modules.anoncreds.getCreatedSchemas({
schemaName: 'Employee Credential',
})
query
SimpleQuery<AnonCredsSchemaRecord>
required
Query to filter schemas
Promise<AnonCredsSchemaRecord[]>
Credential Definition Operations
registerCredentialDefinition()
Register a credential definition on the ledger.
const result = await agent.modules.anoncreds.registerCredentialDefinition({
credentialDefinition: {
issuerId: issuerDid,
schemaId: schemaId,
tag: 'default',
},
options: {
supportRevocation: true,
},
})
if (result.credentialDefinitionState.state === 'finished') {
const credDefId = result.credentialDefinitionState.credentialDefinitionId
console.log('Credential definition registered:', credDefId)
}
options.credentialDefinition
AnonCredsRegisterCredentialDefinitionOptions
required
Credential definition options:
issuerId: Issuer DIDschemaId: Schema identifiertag: Tag to distinguish multiple definitions for same schema
Options:
supportRevocation: Whether to support revocation
Promise<RegisterCredentialDefinitionReturn>
getCredentialDefinition()
Retrieve a credential definition.
const { credentialDefinition } = await agent.modules.anoncreds.getCredentialDefinition(
credentialDefinitionId
)
if (credentialDefinition) {
console.log('Schema ID:', credentialDefinition.schemaId)
}
Credential definition identifier
options
AnonCredsResolutionOptions
Resolution options
Promise<GetCredentialDefinitionReturn>
getCreatedCredentialDefinitions()
Get credential definitions created by this agent.
const credDefs = await agent.modules.anoncreds.getCreatedCredentialDefinitions({
schemaId: schemaId,
})
query
SimpleQuery<AnonCredsCredentialDefinitionRecord>
required
Query to filter credential definitions
Promise<AnonCredsCredentialDefinitionRecord[]>
Revocation Operations
registerRevocationRegistryDefinition()
Register a revocation registry definition.
const result = await agent.modules.anoncreds.registerRevocationRegistryDefinition({
revocationRegistryDefinition: {
issuerId: issuerDid,
tag: 'default',
credentialDefinitionId: credDefId,
maximumCredentialNumber: 1000,
},
options: {},
})
if (result.revocationRegistryDefinitionState.state === 'finished') {
const revRegDefId = result.revocationRegistryDefinitionState.revocationRegistryDefinitionId
console.log('Revocation registry registered:', revRegDefId)
}
options.revocationRegistryDefinition
AnonCredsRegisterRevocationRegistryDefinitionOptions
required
Revocation registry options:
issuerId: Issuer DIDtag: Tag for registrycredentialDefinitionId: Associated credential definitionmaximumCredentialNumber: Maximum number of credentials
Registry-specific options
Promise<RegisterRevocationRegistryDefinitionReturn>
getRevocationRegistryDefinition()
Retrieve a revocation registry definition.
const { revocationRegistryDefinition } =
await agent.modules.anoncreds.getRevocationRegistryDefinition(revRegDefId)
revocationRegistryDefinitionId
Revocation registry definition identifier
options
AnonCredsResolutionOptions
Resolution options
Promise<GetRevocationRegistryDefinitionReturn>
registerRevocationStatusList()
Register the initial revocation status list.
const result = await agent.modules.anoncreds.registerRevocationStatusList({
revocationStatusList: {
issuerId: issuerDid,
revocationRegistryDefinitionId: revRegDefId,
},
options: {},
})
options.revocationStatusList
AnonCredsRegisterRevocationStatusListOptions
required
Revocation status list options
Registry-specific options
Promise<RegisterRevocationStatusListReturn>
updateRevocationStatusList()
Update the revocation status list (revoke or un-revoke credentials).
const result = await agent.modules.anoncreds.updateRevocationStatusList({
revocationStatusList: {
revocationRegistryDefinitionId: revRegDefId,
revokedCredentialIndexes: [1, 5, 10], // Revoke these
issuedCredentialIndexes: [],
},
options: {},
})
options.revocationStatusList
AnonCredsUpdateRevocationStatusListOptions
required
Update options:
revocationRegistryDefinitionId: Registry IDrevokedCredentialIndexes: Credential indexes to revokeissuedCredentialIndexes: Credential indexes to issue
Registry-specific options
Promise<RegisterRevocationStatusListReturn>
getRevocationStatusList()
Retrieve a revocation status list at a specific timestamp.
const { revocationStatusList } =
await agent.modules.anoncreds.getRevocationStatusList(
revRegDefId,
Date.now()
)
revocationRegistryDefinitionId
Revocation registry definition identifier
Timestamp to query (milliseconds since epoch)
options
AnonCredsResolutionOptions
Resolution options
Promise<GetRevocationStatusListReturn>
Credential Operations
getCredential()
Get a stored AnonCreds credential by ID.
const credential = await agent.modules.anoncreds.getCredential(credentialId)
console.log('Credential:', credential)
Promise<AnonCredsCredential>
getCredentials()
Get all stored AnonCreds credentials matching options.
const credentials = await agent.modules.anoncreds.getCredentials({
credentialDefinitionId: credDefId,
})
console.log(`Found ${credentials.length} credentials`)
options
GetCredentialsOptions
required
Filter options
Promise<AnonCredsCredential[]>
Complete Example
Issuer Setup
import { Agent } from '@credo-ts/core'
import { AnonCredsModule } from '@credo-ts/anoncreds'
const issuer = new Agent({
// ...
modules: {
anoncreds: new AnonCredsModule({
registries: [indyVdrRegistry],
}),
},
})
await issuer.initialize()
// Register schema
const schemaResult = await issuer.modules.anoncreds.registerSchema({
schema: {
issuerId: 'did:indy:sovrin:V4SGRU86Z58d6TV7PBUe6f',
name: 'EmployeeCredential',
version: '1.0',
attrNames: ['name', 'employee_id', 'department', 'hire_date', 'salary'],
},
options: {},
})
const schemaId = schemaResult.schemaState.schemaId
// Register credential definition
const credDefResult = await issuer.modules.anoncreds.registerCredentialDefinition({
credentialDefinition: {
issuerId: 'did:indy:sovrin:V4SGRU86Z58d6TV7PBUe6f',
schemaId,
tag: 'employee-2024',
},
options: {
supportRevocation: true,
},
})
const credDefId = credDefResult.credentialDefinitionState.credentialDefinitionId
// Register revocation registry
const revRegResult = await issuer.modules.anoncreds.registerRevocationRegistryDefinition({
revocationRegistryDefinition: {
issuerId: 'did:indy:sovrin:V4SGRU86Z58d6TV7PBUe6f',
tag: 'default',
credentialDefinitionId: credDefId,
maximumCredentialNumber: 5000,
},
options: {},
})
const revRegDefId = revRegResult.revocationRegistryDefinitionState.revocationRegistryDefinitionId
// Register initial revocation status list
await issuer.modules.anoncreds.registerRevocationStatusList({
revocationStatusList: {
issuerId: 'did:indy:sovrin:V4SGRU86Z58d6TV7PBUe6f',
revocationRegistryDefinitionId: revRegDefId,
},
options: {},
})
Holder Setup
import { Agent } from '@credo-ts/core'
import { AnonCredsModule } from '@credo-ts/anoncreds'
const holder = new Agent({
// ...
modules: {
anoncreds: new AnonCredsModule({
registries: [indyVdrRegistry],
}),
},
})
await holder.initialize()
// Create link secret (required before receiving credentials)
const linkSecretId = await holder.modules.anoncreds.createLinkSecret({
setAsDefault: true,
})
console.log('Link secret created:', linkSecretId)
// Now ready to receive AnonCreds credentials via DIDComm
Revoking a Credential
// Revoke credential at index 42
const result = await issuer.modules.anoncreds.updateRevocationStatusList({
revocationStatusList: {
revocationRegistryDefinitionId: revRegDefId,
revokedCredentialIndexes: [42],
issuedCredentialIndexes: [],
},
options: {},
})
if (result.revocationStatusListState.state === 'finished') {
console.log('Credential revoked successfully')
}
Usage with DIDComm
AnonCreds is typically used with DIDComm credential exchange:
// Issue credential via DIDComm
const credentialRecord = await agent.didcomm.credentials.offerCredential({
connectionId,
protocolVersion: 'v2',
credentialFormats: {
anoncreds: {
credentialDefinitionId: credDefId,
attributes: [
{ name: 'name', value: 'Alice Smith' },
{ name: 'employee_id', value: 'E12345' },
{ name: 'department', value: 'Engineering' },
{ name: 'hire_date', value: '2024-01-15' },
{ name: 'salary', value: '75000' },
],
},
},
autoAcceptCredential: AutoAcceptCredential.ContentApproved,
})
// Request proof via DIDComm
const proofRecord = await agent.didcomm.proofs.requestProof({
connectionId,
protocolVersion: 'v2',
proofFormats: {
anoncreds: {
name: 'Employment Verification',
version: '1.0',
requested_attributes: {
name: {
name: 'name',
restrictions: [{ cred_def_id: credDefId }],
},
department: {
name: 'department',
restrictions: [{ cred_def_id: credDefId }],
},
},
requested_predicates: {
salary: {
name: 'salary',
p_type: '>=',
p_value: 50000,
restrictions: [{ cred_def_id: credDefId }],
},
},
},
},
})
See Also