SID-DATA-05 — Gate/Remove Dead VC/VP Storage Paths

Property	Value
Status	verified
Owner	platform
Category	technical
CSF Function	protect
Group	Data Protection Controls

Description

The verifiable_credentials and verifiable_presentations MongoDB collections had full CRUD REST endpoints but no production clients. Credentials and presentations are stored exclusively inside the encrypted private_data JWE blob via the frontend's event-sourced WalletState. PR #89 gates /storage/vc/* behind features.credential_storage_enabled (default: false) and removes /storage/vp/* endpoints entirely. See compliance/gdpr-findings.md §2 P-1, P-2. Issues: go-wallet-backend#84 (open), #85 (closed, merged into #84).

Components

Wallet Backend (Go)

Source References

go-wallet-backend/internal/domain/credential.go
go-wallet-backend/internal/modes/backend/backend.go
go-wallet-backend/pull/89

Audit Findings

Finding	Severity	Status
`P-1` — Dead credential storage path	low	resolved
`P-2` — Dead presentation storage path	low	resolved

Description​

Components​

Source References​

Audit Findings​

Description

Components

Source References

Audit Findings