From 146591b02c5713ec34fffad69ddc8070c1f1289a Mon Sep 17 00:00:00 2001
From: eqty-devbot <cameron+eqty-devbot@eqtylab.io>
Date: Mon, 2 Mar 2026 22:08:56 -0800
Subject: [PATCH] fix(p256): avoid serializing secrets into DID document

---
 integrity-signer/src/signer/p256_signer.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/integrity-signer/src/signer/p256_signer.rs b/integrity-signer/src/signer/p256_signer.rs
index a6d6027..a454e90 100644
--- a/integrity-signer/src/signer/p256_signer.rs
+++ b/integrity-signer/src/signer/p256_signer.rs
@@ -23,7 +23,7 @@ impl P256Signer {
         let key_pair = P256KeyPair::new();
         let did_doc = key_pair.get_did_document(did_key::Config {
             use_jose_format: true,
-            serialize_secrets: true,
+            serialize_secrets: false,
         });
         let signer = P256Signer {
             secret_key: key_pair.private_key_bytes(),
@@ -45,7 +45,7 @@ impl P256Signer {
         let key_pair = P256KeyPair::from_secret_key(secret_key);
         let did_doc = key_pair.get_did_document(did_key::Config {
             use_jose_format: true,
-            serialize_secrets: true,
+            serialize_secrets: false,
         });
         let signer = P256Signer {
             secret_key: secret_key.to_vec(),