Add support for the FAIR_VERIFICATION_KEY environment variable during verification key checking

README.md

@@ -58,6 +58,7 @@ fair-tools did service replace          Replace a service URL in a DID
 fair-tools did service remove           Remove a service URL from a DID
 fair-tools did service verify           Verify a FAIR service endpoint URL
 fair-tools did verification-key add     Add a verification key
+fair-tools did verification-key check   Check if a verification key is valid for a DID
 fair-tools did verification-key revoke  Revoke a verification key
 fair-tools did rotation-key add         Add a rotation key
 fair-tools did rotation-key revoke      Revoke a rotation key
@@ -248,6 +249,31 @@ fair-tools did verification-key add \
 
 Use `--output-file` to save the new key to a different file instead of the signing file.
 
+### Check verification key
+
+Checks if a verification key is present in the DID document's verification methods.
+
+```bash
+fair-tools did verification-key check \
+  --did did:plc:xxx \
+  --key did:key:z6Mk...
+```
+
+You can also provide the key via file or environment variable:
+
+```bash
+# From a file (accepts public key or private keypair)
+fair-tools did verification-key check \
+  --did did:plc:xxx \
+  --key-file ./key.pem
+
+# From environment variable
+FAIR_VERIFICATION_KEY=z6Mk... fair-tools did verification-key check \
+  --did did:plc:xxx
+```
+
+If neither `--key` nor `--key-file` is provided, uses `FAIR_VERIFICATION_KEY` environment variable.
+
 ### Add rotation key
 
 Generates a new rotation key, adds it to a DID, and saves it to the key file.

src/cli/did-verification-key-check.ts

@@ -39,6 +39,8 @@ Key input (one required):
                        Public key should be in did:key format (did:key:z6Mk...) or multibase format (z6Mk...).
                        Private key can be in PEM, multibase, or hex format.
 
+  If neither --key nor --key-file is provided, uses FAIR_VERIFICATION_KEY environment variable.
+
 Optional:
   --help               Show this help message
 
@@ -56,12 +58,6 @@ if (!values.did) {
 	process.exit(2);
 }
 
-if (!values.key && !values['key-file']) {
-	console.error('Error: Must provide either --key or --key-file');
-	console.error('Run with --help for usage information.');
-	process.exit(2);
-}
-
 if (values.key && values['key-file']) {
 	console.error('Error: Cannot specify both --key and --key-file');
 	console.error('Run with --help for usage information.');
@@ -88,9 +84,16 @@ try {
 		// --key-file accepts both public and private keys
 		const keyInput = await readFile(values['key-file'], 'utf-8');
 		publicKeyMultibase = await getVerificationPublicKeyMultibase(keyInput);
-	} else {
+	} else if (values.key) {
 		// --key only accepts public keys
-		publicKeyMultibase = await parsePublicKeyOnly(values.key!);
+		publicKeyMultibase = await parsePublicKeyOnly(values.key);
+	} else if (process.env.FAIR_VERIFICATION_KEY) {
+		// FAIR_VERIFICATION_KEY env var - handles like --key-file
+		publicKeyMultibase = await getVerificationPublicKeyMultibase(process.env.FAIR_VERIFICATION_KEY);
+	} else {
+		console.error('Error: Must provide --key, --key-file, or set FAIR_VERIFICATION_KEY environment variable');
+		console.error('Run with --help for usage information.');
+		process.exit(2);
 	}
 } catch (err) {
 	if (err instanceof VerificationKeyInputError) {