diff --git a/README.md b/README.md index f1322bbb..6fb11670 100644 --- a/README.md +++ b/README.md 
@@ -1,51 +1,57 @@ # Minimum Viable Dataspace Demo + * [Minimum Viable Dataspace Demo](#minimum-viable-dataspace-demo) - * [1. Introduction](#1-introduction) - * [2. Purpose of this Demo](#2-purpose-of-this-demo) - * [3. The Scenario](#3-the-scenario) - * [3.1 Participants](#31-participants) - * [3.2 Data setup](#32-data-setup) - * [3.3 Access control](#33-access-control) - * [3.4 DIDs, participant lists and VerifiableCredentials](#34-dids-participant-lists-and-verifiablecredentials) - * [4. Running the demo (inside IntelliJ)](#4-running-the-demo-inside-intellij) - * [4.1 Starting the runtimes](#41-starting-the-runtimes) - * [4.2 Seeding the dataspace](#42-seeding-the-dataspace) - * [4.3 Next steps](#43-next-steps) - * [5. Running the Demo (Kubernetes)](#5-running-the-demo-kubernetes) - * [5.1 Build the runtime images](#51-build-the-runtime-images) - * [5.2 Create the K8S cluster](#52-create-the-k8s-cluster) - * [5.3 Seed the dataspace](#53-seed-the-dataspace) - * [5.4 Debugging MVD in Kubernetes](#54-debugging-mvd-in-kubernetes) - * [6. Differences between Kubernetes and IntelliJ](#6-differences-between-kubernetes-and-intellij) - * [6.1 In-memory databases](#61-in-memory-databases) - * [6.2 Memory-based secret vaults](#62-memory-based-secret-vaults) - * [6.3 Embedded vs Remote STS](#63-embedded-vs-remote-sts) - * [7. Executing REST requests using Postman](#7-executing-rest-requests-using-postman) - * [7.1 Get the catalog](#71-get-the-catalog) - * [7.2 Initiate the contract negotiation](#72-initiate-the-contract-negotiation) - * [7.3 Query negotiation status](#73-query-negotiation-status) - * [7.4 Initiate data transfer](#74-initiate-data-transfer) - * [7.5 Query data transfers](#75-query-data-transfers) - * [7.6 Get EndpointDataReference](#76-get-endpointdatareference) - * [7.7 Get access token for EDR](#77-get-access-token-for-edr) - * [7.8 Fetch data](#78-fetch-data) - * [8. 
Custom extensions in MVD](#8-custom-extensions-in-mvd) - * [8.1 Catalog Node Resolver](#81-catalog-node-resolver) - * [8.2 Default scope mapping function](#82-default-scope-mapping-function) - * [8.3 Scope extractor for `DataProcessor` credentials](#83-scope-extractor-for-dataprocessor-credentials) - * [8.4 Policy evaluation functions](#84-policy-evaluation-functions) - * [8.4.1 Membership evaluation function](#841-membership-evaluation-function) - * [8.4.2 DataAccessLevel evaluation function](#842-dataaccesslevel-evaluation-function) - * [8.5 Scope-to-criterion transformer](#85-scope-to-criterion-transformer) - * [8.6 Super-user seeding](#86-super-user-seeding) - * [9. Other caveats, shortcuts and workarounds](#9-other-caveats-shortcuts-and-workarounds) - * [9.1 In-memory stores in local deployment](#91-in-memory-stores-in-local-deployment) - * [9.2 DID resolution](#92-did-resolution) - * [9.2.1 `did:web` for participants](#921-didweb-for-participants) - * [9.2.2 `did:example` for the dataspace credential issuer](#922-didexample-for-the-dataspace-credential-issuer) - * [9.3 No issuance (yet)](#93-no-issuance-yet) + * [1. Introduction](#1-introduction) + * [2. Purpose of this Demo](#2-purpose-of-this-demo) + * [3. The Scenario](#3-the-scenario) + * [3.1 Participants](#31-participants) + * [3.2 Data setup](#32-data-setup) + * [3.3 Access control](#33-access-control) + * [3.4 DIDs, participant lists and VerifiableCredentials](#34-dids-participant-lists-and-verifiablecredentials) + * [4. Running the demo (inside IntelliJ)](#4-running-the-demo-inside-intellij) + * [4.1 Starting the runtimes](#41-starting-the-runtimes) + * [4.2 Seeding the dataspace](#42-seeding-the-dataspace) + * [4.3 Next steps](#43-next-steps) + * [5. 
Running the Demo (Kubernetes)](#5-running-the-demo-kubernetes) + * [5.1 Build the runtime images](#51-build-the-runtime-images) + * [5.2 Create the K8S cluster](#52-create-the-k8s-cluster) + * [5.3 Seed the dataspace](#53-seed-the-dataspace) + * [5.4 Debugging MVD in Kubernetes](#54-debugging-mvd-in-kubernetes) + * [6. Differences between Kubernetes and IntelliJ](#6-differences-between-kubernetes-and-intellij) + * [6.1 In-memory databases](#61-in-memory-databases) + * [6.2 Memory-based secret vaults](#62-memory-based-secret-vaults) + * [6.3 Embedded vs Remote STS](#63-embedded-vs-remote-sts) + * [7. Executing REST requests using Postman](#7-executing-rest-requests-using-postman) + * [7.1 Get the catalog](#71-get-the-catalog) + * [7.2 Initiate the contract negotiation](#72-initiate-the-contract-negotiation) + * [7.3 Query negotiation status](#73-query-negotiation-status) + * [7.4 Initiate data transfer](#74-initiate-data-transfer) + * [7.5 Query data transfers](#75-query-data-transfers) + * [7.6 Get EndpointDataReference](#76-get-endpointdatareference) + * [7.7 Get access token for EDR](#77-get-access-token-for-edr) + * [7.8 Fetch data](#78-fetch-data) + * [8. Custom extensions in MVD](#8-custom-extensions-in-mvd) + * [8.1 Catalog Node Resolver](#81-catalog-node-resolver) + * [8.2 Default scope mapping function](#82-default-scope-mapping-function) + * [8.3 Scope extractor for `DataProcessor` credentials](#83-scope-extractor-for-dataprocessor-credentials) + * [8.4 Policy evaluation functions](#84-policy-evaluation-functions) + * [8.4.1 Membership evaluation function](#841-membership-evaluation-function) + * [8.4.2 DataAccessLevel evaluation function](#842-dataaccesslevel-evaluation-function) + * [8.5 Scope-to-criterion transformer](#85-scope-to-criterion-transformer) + * [8.6 Super-user seeding](#86-super-user-seeding) + * [9. 
Advanced topics](#9-advanced-topics) + * [9.1 Regenerating issuer keys](#91-regenerating-issuer-keys) + * [9.2 Regenerating participant keys](#92-regenerating-participant-keys) + * [10. Other caveats, shortcuts and workarounds](#10-other-caveats-shortcuts-and-workarounds) + * [10.1 In-memory stores in local deployment](#101-in-memory-stores-in-local-deployment) + * [10.2 DID resolution](#102-did-resolution) + * [10.2.1 `did:web` for participants](#1021-didweb-for-participants) + * [10.2.2 + `did:example` for the dataspace credential issuer](#1022-didexample-for-the-dataspace-credential-issuer) + * [10.3 No issuance (yet)](#103-no-issuance-yet) + ## 1. Introduction @@ -246,6 +252,7 @@ following tools are installed and readily available: - Git - a POSIX compliant shell - Postman (to comfortably execute REST requests) +- `openssl`, optional, but required to [regenerate keys](#91-regenerating-issuer-keys) - `newman` (to run Postman collections from the command line) - not needed, but recommended: Kubernetes monitoring tools like K9s 
@@ -704,12 +711,70 @@ defaults and customize your "super-user" and find out what breaks :) > NB: doing this in anything but a demo installation is **not** recommended, as it poses significant security risks! -## 9. Other caveats, shortcuts and workarounds +## 9. Advanced topics + +### 9.1 Regenerating issuer keys + +The dataspace issuer is the authoritative entity that can issue Verifiable Credentials to participants. For that, two +things are needed: a private/public key pair to sign credentials, and a DID document for verifiers to obtain the +dataspace issuer's public key. + +Consequently, when the dataspace issuer's keys should be updated, these aforementioned places are relevant. + +The first step is to create a new key pair: + +```shell +openssl genpkey -algorithm ed25519 -out deployment/assets/issuer_private.pem +openssl pkey -in assets/issuer_private.pem -pubout -out assets/issuer_public.pem +``` + +These puts a new key pair in `deployment/assets/`. Note that the path is arbitrary, but needs to be consistent with +subsequent steps. +Next, we need to re-sign the participants' credentials, update the database seed data and update the issuer's DID +document. + +There is no easy or convenient way to do this natively on the command line, so we created a test +named [JwtSigner.java](launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java) that does all that. +Simply executing the test performs all these steps, updates files etc. + +The only thing left to do is to clean-rebuild-restart the applications (IntelliJ) or rebuild and redeploy (Kubernetes). + +### 9.2 Regenerating participant keys + +#### 9.2.1 IntelliJ deployment: + +keys must be seeded at startup time (due to [this limitation](#62-memory-based-secret-vaults)). +In addition, if consumer and provider have the same key, that makes things a bit easier, because it removes the need to +seed the keys via config or commandline argument. 
That said, the process is similar to the dataspace issuer: + +```shell +openssl genpkey -algorithm ed25519 -out deployment/assets/consumer_private.pem +openssl pkey -in assets/consumer_private.pem -pubout -out assets/consumer_public.pem + +# use the same key for provider: +cp deployment/assets/consumer_private.pem deployment/assets/provider_private.pem +cp deployment/assets/consumer_public.pem deployment/assets/provider_public.pem +``` + +Now comes the hacky part, reader discretion is advised. +In [SecretsExtension.java](extensions/did-example-resolver/src/main/java/org/eclipse/edc/iam/identitytrust/core/SecretsExtension.java) +replace the String block for the private and public key with the contents of the newly created `*.pem` files. + +Clean-rebuild-restart the applications. Don't forget to [seed](#42-seeding-the-dataspace). Done. + +#### 9.2.2 Kubernetes deployment + +Here, participant keys are dynamically generated by IdentityHub, so there is no need to pre-generate them. In fact, +everytime the dataspace is re-deployed and the [seed script](#53-seed-the-dataspace) is executed, a new key pair is +generated for each participant. +To be extra-precise, the keys are regenerated when a new `ParticipantContext` is created. + +## 10. Other caveats, shortcuts and workarounds It must be emphasized that this is a **DEMO**, it does not come with any guarantee w.r.t. operational readiness and comes with a few significant shortcuts affecting security amongst other things, for the sake of simplicity. These are: -### 9.1 In-memory stores in local deployment +### 10.1 In-memory stores in local deployment When running the MVD from IntelliJ, the runtimes exclusively use in-memory stores and in-memory vaults. We opted for this to avoid having to either provide (and maintain) a docker-compose file for those services, or to put users through 
@@ -717,9 +782,9 @@ an arduous amount of setup and configuration. The Kubernetes deployment uses both persistent storage (PostgreSQL) and secure vaults (Hashicorp Vault). -### 9.2 DID resolution +### 10.2 DID resolution -#### 9.2.1 `did:web` for participants +#### 10.2.1 `did:web` for participants Every participant hosts their DIDs in their IdentityHubs, which means, that the HTTP-URL that the DID maps to must be accessible for all other participants. For example, every participant pod in the cluster must be able to resolve a DID @@ -729,14 +794,14 @@ _ingress URL_, but must use the _service's_ URL. A service in turn is not access are only resolvable from _inside_ the cluster. Unfortunately, there is no way around this, unless we put DIDs on a publicly resolvable CDN or webserver. -#### 9.2.2 `did:example` for the dataspace credential issuer +#### 10.2.2 `did:example` for the dataspace credential issuer The "dataspace issuer" does not exist as participant yet, so instead of deploying a fake IdentityHub, we opted for introducing the (completely made up) `"did:example"` method, for which there is a [custom-built DID resolver](extensions/did-example-resolver/src/main/java/org/eclipse/edc/iam/identitytrust/core/DidExampleResolver.java) in the code. -### 9.3 No issuance (yet) +### 10.3 No issuance (yet) All credentials are pre-generated manually because the DCP Issuance Flow is not implemented yet. Credentials are put into the stores by an extension called `IdentityHubExtension.java` and are **different** for local deployments and diff --git a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json index 4092adb2..a73ec2cd 100644 --- a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json +++ b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json 
@@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.hQDsC3u0UI4ZOqmOv8xk6u2uRDVWQFsu6C1fnKy2L7yJttOoimyQ6hYvfv1OKaEo2k14QKJfctF80ZA7v9-aBg", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.Bxr2R-b-2OjDjgL-NkngIdLamddtc1wm5wpGKDBuNj00F3FXUpq97DEsOO-qmkLycm4tWhTl25QPI4yni9hmAw", "credential": { "credentialSubject": [ { diff --git a/deployment/assets/credentials/k8s/consumer/membership-credential.json b/deployment/assets/credentials/k8s/consumer/membership-credential.json index cf11d87d..35510c27 100644 --- a/deployment/assets/credentials/k8s/consumer/membership-credential.json +++ b/deployment/assets/credentials/k8s/consumer/membership-credential.json @@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.slRY7Q0NK8K5g2SiYN5IxNq6Yaa6kLJVOv8hbKWjlOCjOAcJGRJ3w8uZlTfxf4BfJmV6VmYFuxX-gNOkLGhZBQ", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.mTigFc6TKFP_gKeKBrekJcsZML0IGEhEDl8hf2dXnylxpd8q7luEojHGV6Ph6pIYP390wCeZwT5RS8zYXM5PCQ", "format": "JWT", "credential": { "credentialSubject": [ diff --git a/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json index 91c2f7d0..e9e75985 100644 --- a/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json +++ b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json 
@@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JSON_LD", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.LXdywgaQ_RnPzOz_8fhMn21-t-Abq5vX5tfeCh42eozVpEt_chU3uDtFrEWsojqFZwPAh0UV2UZ1ZIaF6vb1DQ", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6Ym9iIiwic3ViIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6Ym9iIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsibXZkLWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9tdmQvY3JlZGVudGlhbHMvIiwiY29udHJhY3RWZXJzaW9uIjoibXZkLWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImxldmVsIjoibXZkLWNyZWRlbnRpYWxzOmxldmVsIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI0RhdGFQcm9jZXNzb3JDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6cHJvdmlkZXIiLCJsZXZlbCI6InByb2Nlc3NpbmciLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCJ9fSwiaWF0IjoxNzI5ODM2NTU5fQ.JO8xIR2jYeLD9LNPJJ2ut0-yw-IGG1Rmgh6fLiu7CAAWn-oJ8DGyA6NwlkpUXOa-A91M7ezkbGV3FQmEdmGXDA", "credential": { "credentialSubject": [ { diff --git a/deployment/assets/credentials/k8s/provider/membership-credential.json b/deployment/assets/credentials/k8s/provider/membership-credential.json index 943757e6..c134ce90 100644 --- a/deployment/assets/credentials/k8s/provider/membership-credential.json +++ b/deployment/assets/credentials/k8s/provider/membership-credential.json 
@@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.kc7fODpUSa9WZtkV7I3kk72GDzXZ5HN6KsWT5O6QblL-76-2yZHr8f9O2v4RVVrzfjCBmwxwBkDjuRVDkv6MDg", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.ggkCYhvPM2NRrwRWMWj-y9TJfz4yN06kYENtZ0PfyDk2k43qqujW-g7qGdiwiGzqwjQ1NeXwk_GvrBSxSd6zAg", "format": "JSON_LD", "credential": { "credentialSubject": [ diff --git a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json index 53e1651b..262408fc 100644 --- a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json +++ b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json @@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.HKSf0cwpbdrTf6x79c7si3Ut0jm9yjxm_Q3v_bvj8ahL1B8ntjA9t4lwNjYIUvw46Ufgt4eeJwcKbtUEB23OBA", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.ojH0Tb3fJd-jkipg7yOEfEeUM_rOSmOLXYvUkJ_Ng_YPVqCxozxaa_C3fYkG66G9BLcxwfP03MK_8OnkjKwaCQ", "credential": { "credentialSubject": [ { diff --git a/deployment/assets/credentials/local/consumer/membership-credential.json b/deployment/assets/credentials/local/consumer/membership-credential.json index 5cb29376..b06845f1 100644 --- a/deployment/assets/credentials/local/consumer/membership-credential.json +++ b/deployment/assets/credentials/local/consumer/membership-credential.json 
@@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.r9zEb_SL-EqFmUj5NZGao8CF9Qw4O2-3Njc6_Anw3dtQqAInjdE6FJGEcllOzx340BlnYE0zyzQ8ykYFOZsRAg", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.2thO4SFErK_uW0XwkCGEP0o-Rje5ZoZgx2u8DkpVZddj7OT3QmA4INU0W7CEmSp-D6CFzV4kYZYNO0yEjgSyBQ", "format": "JWT", "credential": { "credentialSubject": [ diff --git a/deployment/assets/credentials/local/provider/dataprocessor-credential.json b/deployment/assets/credentials/local/provider/dataprocessor-credential.json index b83289af..830d925f 100644 --- a/deployment/assets/credentials/local/provider/dataprocessor-credential.json +++ b/deployment/assets/credentials/local/provider/dataprocessor-credential.json 
@@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6Ym9iIiwic3ViIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6Ym9iIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsibXZkLWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9tdmQvY3JlZGVudGlhbHMvIiwiY29udHJhY3RWZXJzaW9uIjoibXZkLWNyZWRlbnRpYWxzOmNvbnRyYWN0VmVyc2lvbiIsImxldmVsIjoibXZkLWNyZWRlbnRpYWxzOmxldmVsIn1dLCJpZCI6Imh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20vY3JlZGVudGlhbHMvMjM0NyIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tI0RhdGFQcm9jZXNzb3JDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOmRhdGFzcGFjZS1pc3N1ZXIiLCJpc3N1YW5jZURhdGUiOiIyMDIzLTA4LTE4VDAwOjAwOjAwWiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOndlYjpsb2NhbGhvc3QlM0E3MDkzIiwibGV2ZWwiOiJwcm9jZXNzaW5nIiwiY29udHJhY3RWZXJzaW9uIjoiMS4wLjAifX0sImlhdCI6MTcyODQ4ODU4N30.u2CKQs8uzHmEFnaLZeXg84fGTh7zeYrtWrDoAC7GTVhLlHcnkX1cNselvWHrgB2t_An7IYAtdyWq7X8MWJKvAQ", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.Eui2yD_fPnWv5dXnP1XUZF5lkTcDW_n82QNedrDteGPCx1sWH7ifjyNwOFZyt_WieBTMsvVZ9GGVHuO6n5AiCA", "credential": { "credentialSubject": [ { diff --git a/deployment/assets/credentials/local/provider/membership-credential.json b/deployment/assets/credentials/local/provider/membership-credential.json index 10e8ab47..ab434d2a 100644 --- a/deployment/assets/credentials/local/provider/membership-credential.json +++ b/deployment/assets/credentials/local/provider/membership-credential.json 
@@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6Ym9iIiwic3ViIjoiZGlkOndlYjpwcm92aWRlci1pZGVudGl0eWh1YiUzQTcwODM6Ym9iIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsibXZkLWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9tdmQvY3JlZGVudGlhbHMvIiwibWVtYmVyc2hpcCI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoibXZkLWNyZWRlbnRpYWxzOndlYnNpdGUiLCJjb250YWN0IjoibXZkLWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6Im12ZC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzEyMzQiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNNZW1iZXJzaGlwQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA5MyIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJQcm9zcGVjdE1lbWJlciIsIndlYnNpdGUiOiJ3d3cucXVpenpxdWF6ei5jb20iLCJjb250YWN0IjoiZm9vLmJhckBxdWl6enF1YXp6LmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3Mjg0ODg1ODd9.nPbUdHiOz4PcJXFKhzyH-9A6mcaL9xPQPZ_ClWU30tn2W8mZxFWLHOcBanYKiWoYLzgwMq06F5fE9DixiPcOBA", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.jVc9KqCzkgQPfO46XL-l3vpPKmVUcqhNOOyDTWuK4bMFlen9khkHpIqYpSOsyLTP82uVLvgAHnn_4XtrJSF6BA", "format": "JWT", "credential": { "credentialSubject": [ diff --git a/deployment/assets/issuer_private.pem b/deployment/assets/issuer_private.pem index c7656333..8a63542f 100644 
--- a/deployment/assets/issuer_private.pem +++ b/deployment/assets/issuer_private.pem @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIPNmhA8SqDX9FE45fuk/p1+kr+MZQEqYha+6WnUauYLa +MC4CAQAwBQYDK2VwBCIEID1gMsekH7JN9Q/L2UMCBkAPET10NE0T2BB4c2rRSBzg -----END PRIVATE KEY----- diff --git a/deployment/assets/issuer_public.pem b/deployment/assets/issuer_public.pem index 661eb27a..51b25024 100644 --- a/deployment/assets/issuer_public.pem +++ b/deployment/assets/issuer_public.pem @@ -1,3 +1,3 @@ -----BEGIN PUBLIC KEY----- -MCowBQYDK2VwAyEAhK2DQ2zZ4y/QHDXi3x9mUx6SC2AzIlP4NK7BjrfE9WM= +MCowBQYDK2VwAyEAHsq2QXPbbsU7j6JwXstbpxGSgliI04g/fU3z2nwkuVc= -----END PUBLIC KEY----- diff --git a/extensions/did-example-resolver/src/main/resources/did_example_dataspace-issuer.json b/extensions/did-example-resolver/src/main/resources/did_example_dataspace-issuer.json index 5fc8c8e4..721fd34b 100644 --- a/extensions/did-example-resolver/src/main/resources/did_example_dataspace-issuer.json +++ b/extensions/did-example-resolver/src/main/resources/did_example_dataspace-issuer.json @@ -1,26 +1,26 @@ { - "id": "did:example:dataspace-issuer", - "@context": [ - "https://www.w3.org/ns/did/v1", - { - "@base": "did:example:dataspace-issuer" - } - ], "service": [], "verificationMethod": [ { "id": "did:example:dataspace-issuer#key-1", - "controller": "did:example:dataspace-issuer", "type": "JsonWebKey2020", + "controller": "did:example:dataspace-issuer", + "publicKeyMultibase": null, "publicKeyJwk": { "kty": "OKP", "crv": "Ed25519", - "kid": "key-1", - "x": "hK2DQ2zZ4y_QHDXi3x9mUx6SC2AzIlP4NK7BjrfE9WM" + "x": "Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc" } } ], "authentication": [ "key-1" + ], + "id": "did:example:dataspace-issuer", + "@context": [ + "https://www.w3.org/ns/did/v1", + { + "@base": "did:example:dataspace-issuer" + } ] -} +} \ No newline at end of file 
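Review bot: `deployment/assets/issuer_private.pem` carries the issuer's Ed25519 signing key in clear text, so anyone who can read the repository can produce credentials that verify against the `did:example:dataspace-issuer` document updated in this same commit. That is workable for a demo only, and the parts of the README caveats section visible in this diff do not mention it. I would add a caveat there along the lines of `The dataspace issuer's private key is checked into the repository; regenerate it and keep it out of version control for anything beyond a local demo.`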
diff --git a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java index c308bd80..ea6a9a78 100644 --- a/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java +++ b/launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java @@ -21,6 +21,7 @@ import com.nimbusds.jose.JWSHeader; import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.SignedJWT; +import org.eclipse.edc.iam.did.spi.document.DidDocument; import org.eclipse.edc.keys.keyparsers.PemParser; import org.eclipse.edc.security.token.jwt.CryptoConverter; import org.junit.jupiter.api.extension.ExtensionContext; @@ -32,8 +33,11 @@ import java.io.File; import java.io.IOException; import java.nio.file.Files; +import java.nio.file.Path; import java.nio.file.Paths; +import java.security.KeyPair; import java.security.PrivateKey; +import java.security.PublicKey; import java.time.Instant; import java.util.Date; import java.util.Map; @@ -48,11 +52,14 @@ *
  • A public/private key pair in either JWK or PEM format
  • * */ +@SuppressWarnings("NewClassNamingConvention") public class JwtSigner { + public static final String ISSUER_PRIVATE_KEY_FILE_PATH = System.getProperty("user.dir") + "/../../deployment/assets/issuer_private.pem"; + public static final String ISSUER_PUBLIC_KEY_FILE_PATH = System.getProperty("user.dir") + "/../../deployment/assets/issuer_public.pem"; + public static final String ISSUER_DID_DOCUMENT_FILE_PATH = System.getProperty("user.dir") + "/../../extensions/did-example-resolver/src/main/resources/did_example_dataspace-issuer.json"; private final ObjectMapper mapper = new ObjectMapper(); - @SuppressWarnings("unchecked") @ParameterizedTest @ArgumentsSource(InputOutputProvider.class) void generateJwt(String rawCredentialFilePath, File vcResource, String did) throws JOSEException, IOException { 
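Review bot: The three new path constants are built from `System.getProperty("user.dir")`, so which files are read and, for the DID document, overwritten depends on the directory the test runner is launched from. Since this class now writes into `extensions/did-example-resolver/src/main/resources`, I would state that assumption on the constants, e.g. `// resolved relative to the launchers/identity-hub module directory, presumably the working directory of the test task`. They could also be `private static final`, as nothing visible outside this test uses them. The class body continues outside the hunk.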
@@ -74,16 +81,27 @@ void generateJwt(String rawCredentialFilePath, File vcResource, String did) thro .build(); // this must be the path to the Credential issuer's private key - var privateKey = (PrivateKey) new PemParser(mock()).parse(readFile(System.getProperty("user.dir") + "/../../deployment/assets/issuer_private.pem")).orElseThrow(f -> new RuntimeException(f.getFailureDetail())); + var privateKey = (PrivateKey) new PemParser(mock()).parse(readFile(ISSUER_PRIVATE_KEY_FILE_PATH)).orElseThrow(f -> new RuntimeException(f.getFailureDetail())); + var publicKey = (PublicKey) new PemParser(mock()).parse(readFile(ISSUER_PUBLIC_KEY_FILE_PATH)).orElseThrow(f -> new RuntimeException(f.getFailureDetail())); + // sign raw credentials with new issuer public key var jwt = new SignedJWT(header, claims); jwt.sign(CryptoConverter.createSignerFor(privateKey)); - // replace the "rawVc" field in the output file - + // replace the "rawVc" field in the VC resources file, so that it gets seeded to the database var content = Files.readString(vcResource.toPath()); var updatedContent = content.replaceFirst("\"rawVc\":.*,", "\"rawVc\": \"%s\",".formatted(jwt.serialize())); Files.write(vcResource.toPath(), updatedContent.getBytes()); + + // update issuer DID document with new public key + var didDocFile = ISSUER_DID_DOCUMENT_FILE_PATH; + var issuerJwk = CryptoConverter.createJwk(new KeyPair(publicKey, privateKey)); + var didDoc = mapper.readValue(new File(didDocFile), DidDocument.class); + + var issuerPk = didDoc.getVerificationMethod().get(0).getPublicKeyJwk(); + issuerPk.clear(); + issuerPk.putAll(issuerJwk.toPublicJWK().toJSONObject()); + Files.write(Path.of(didDocFile), mapper.writeValueAsBytes(didDoc)); } private String readFile(String path) {
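Review bot: Nothing in the added lines checks that `issuer_public.pem` is the counterpart of `issuer_private.pem` before the public key is written into the issuer DID document. The README steps added in this commit write the private key to `deployment/assets/` but derive the public key from `assets/`, so a stale public file is a realistic outcome; the credentials would then be signed with one key while the DID document advertises another, which only surfaces later as verification failures. I would verify the freshly signed token right after `jwt.sign(...)`, e.g. `if (!jwt.verify(CryptoConverter.createVerifierFor(publicKey))) throw new IllegalStateException("issuer_public.pem does not match issuer_private.pem");`. The DID-document rewrite also runs once per parameter set of this `@ParameterizedTest`; a separate one-shot method would avoid rewriting the same file repeatedly. `generateJwt` starts outside the hunk.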