Skip to main content

Identity Technology Showcase

This guide will take you through the suite of Identity software available on Solana.


For this demo you'll need the following setup on your machine:

  • Node 14+
  • yarn
  • Solana Tool Suite (1.8.0+)

For demo purposes we will use the node:16 docker image that comes with node and yarn and install all relevant software inside this dedicated environment

$ docker run -it node:16 /bin/bash


The Solana Tool Suite will allow you to interact with Solana via the cli.

# Install the Solana tool suite
$ sh -c "$(curl -sSfL"

# Export the given path (or and add it to .profile (or equivalent for your shell)) e.g.
$ export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"

# Check that Solana is installed and accessible
$ solana --version

# Setup a new key-pair for the demo
$ solana-keygen new

# We do this demo in Devnet
$ solana config set -u devnet

SOL DID Client

The SOL DID client allows you to manage DID documents on Solana.

$ yarn global add

Cryptid Client

The Cryptid client allows you to manage your Cryptid account on the cli.

See here for more information on Cryptid.

$ yarn global add

$ cryptid --help

Gateway Client

The gateway client allows the management of "Gateway Tokens". A gateway token is required for a user to prove that they have been verified by a gatekeeper before being allowed to use certain on-chain applications. The rules required for a gatekeeper to issue a token could include things like age checks, OFAC checks, etc.

More information can be found here.

$ yarn global add

$ gateway --help

Getting started with did:sol

Here we show how to display your Solana address using the Solana client, and displaying your DID document using the sol-did cli.

You can follow the steps below and follow along on YouTube:

# Display your Solana address
$ solana address

# A DID is automatically derived from any solana public key. Display the DID document.
$ sol did:sol:devnet:$(solana address)

Visit and resolve the above DID using the Universal Resolver.

Manipulating SOL DIDs

Below is an introduction to Cryptid, a tool for manipulating DID documents on Solana. In this example, we will demonstrate key rotation using the Cryptid CLI tool by:

  • adding an additional key to your DID
  • removing your original key (e.g. if it has been compromised)
  • retaining access to your Cryptid account via the additional key

You can go through the steps below and follow along on YouTube:

# Initialize Cryptid configuration (using your Solana key by default)
$ cryptid init

# View the Cryptid configuration
$ cryptid config

# View your DID document
$ cryptid document

# Airdop SOL to the signing key and Cryptid account (so that we can add additional keys to our account)
$ cryptid airdrop

# Generate a new Solana key
$ solana-keygen new -o key2.json

# Add the new public key to your Cryptid account, with 'key2' as an alias
$ cryptid key add <pubkey> key2

# Transfer SOL to the new key
$ cryptid transfer <pubkey> 1000000

# View the updated DID document (with the additional key added)
$ cryptid document

# Update Cryptid configuration to use the new key by default
$ cryptid config set keyFile $(pwd)/key2.json

# Remove the default key
$ cryptid key remove default

# Check the updated DID document
$ cryptid document

# Update Cryptid configuration to use the original (default) key
$ cryptid config set keyFile $HOME/.config/solana/id.json

# Expect transfer of using the removed key to fail
$ cryptid transfer <pubkey> 1000000

# Switch back to your new key
$ cryptid config set keyFile $(pwd)/key2.json


Here we show how you can use Cryptid to setup one DID to be a controller of another DID. For example, if a DID represents a business in the real world, the CEO's DID can be setup as a controller of the business. This will allow the CEO to sign as that business using their own keys.

You can go through the steps below and follow along on YouTube:

# Create a key from which a new DID will be derived. We will be using this DID for the account we are going to control.
$ solana-keygen new -o controlled.json

# Create a Cryptid configuration for the new DID, called `controlled.yml` for the account we are going to control.
$ cryptid init -k controlled.json -p controlled.yml

# Check the configuration. With the `-c controlled.yml` you are instructing Cryptid to use the config of the new DID
# instead of the config at `$HOME/.config/cryptid/config.yml`
$ cryptid config -c controlled.yml

# Fund the new DID's Cryptid account so that we can add the controller DID to it
$ cryptid transfer <NEW_DID> 100000000

# Fund the #default signer
$ cryptid transfer <pubkey controlled.json> 100000000

# Add your main account as a controller of the new DID
$ cryptid controller add -c controlled.yml <OLD_DID>

# Add an alias for the controlled did (for convenience)
$ cryptid alias controlled <NEW_DID>

# Add an alias for your original did (for convenience)
$ cryptid alias me <OLD_DID>

# Check the DID document for the controlled Cryptid account.
# By using `--as controlled`, we are instructing Cryptid to perform actions using your default DID while controlling
# the `controlled` DID.
$ cryptid document --as controlled

# Check the balance for the controlled Cryptid account
$ cryptid balance --as controlled

# Perform a transfer transaction from the controlled account, signing with the default account.
$ cryptid transfer me 0.1 --as controlled

Browse to the link provided to view your transaction on

Cryptid Wallet UI

We can achieve the same controller relationship as above, by adding our Cryptid UI wallet as a controller to the account created above.

# Add your UI did as a controller to your CLI account
$ cryptid controller add -c controlled.yml <UI_DID>
  • Add controlled DID to UI
  • Transfer 0.1 from controlled to UI Cryptid account


Here we will show how to issue a gateway token to a Cryptid address from a public dummy gatekeeper. This example will show how you cannot mint a NFT until a gateway token has been issued.

You can go through the steps below and follow along on YouTube:

Visit and notice that you cannot yet mint an NFT.

# Issue a gateway token to your Cryptid address
$ gateway issue -g $HOME/.config/solana/id.json -c devnet <CONTROLLED CRYPTID ADDRESS>

Visit again, and notice that you can now mint an NFT.

Credentials & Gateway

Here is an end-to-end showcase to show a "real life" example of a gateway token issuance based on credentials. This will show how you cannot mint and NFT until you've gone through a Civic KYC process, signed the credentials with Cryptid and issued a gateway token to your Cryptid account. are partnered with Civic, and the Civic KYC process is used in the demo application. It is not a pre-requisite for receiving a gateway token.

You can go through the steps below and follow along on YouTube: