Multitenancy credential storage

[PatStLouis]

I noticed that when storing/querying credentials stored in a multi-tenant agent, the credentials are shared across sub wallets. I would like to understand why I get this behavior and how we can address this as this seems less than ideal.

[dbluhm]

Your original comment on Discord for context:

can someone validate for me if this is a bug or intended behavior? I have a multitenant agent. I create a subwallet, create a local did and store a VC. When I query the dids/VCs I see both of these resources. Then I create a new subwallet, create a local did and store a VC. When I query these resources I see the did I just create and both credentials. It seems like credentials are shared across all subwallets? Is that normal? Seems odd

What operation specifically are you referring to when you say "store a VC?"

[PatStLouis]

I'm calling the /vc/credentials/store endpoint, which invokes the vcHolder:

acapy/acapy_agent/vc/vc_ld/manager.py

Line 405 in 6ddb592

async def store_credential(

[PatStLouis]

This is similar to how the issue-credential-v2 ld_proof handler stores the credential:

acapy/acapy_agent/protocols/issue_credential/v2_0/formats/ld_proof/handler.py

Line 367 in 6ddb592

async def store_credential(

[dbluhm]

This was introduced in #3010 and was included in 1.0.0 and onward; a backport was also committed to 0.11.x and 0.12.x 🤦‍♂️

@swcurran sorry 😬 this will mean a new LTS patch release for those releases

[swcurran]

OK…that will be fun. I’d be tempted to not do 0.11.x since it’s LTS runs out in January 2025, but doing one or both does not make a big difference in effort.