diff --git a/kepler-core/src/db.rs b/kepler-core/src/db.rs
index c8105331..fd99fe58 100644
--- a/kepler-core/src/db.rs
+++ b/kepler-core/src/db.rs
@@ -1,6 +1,6 @@
 use crate::events::{epoch_hash, Delegation, Event, HashError, Invocation, Operation, Revocation};
 use crate::hash::Hash;
-use crate::keys::Secrets;
+use crate::keys::{get_did_key, Secrets};
 use crate::migrations::Migrator;
 use crate::models::*;
 use crate::relationships::*;
@@ -14,7 +14,6 @@ use kepler_lib::{
     authorization::{EncodingError, KeplerDelegation},
     resource::OrbitId,
 };
-use libp2p::identity::PublicKey;
 use sea_orm::{
     entity::prelude::*,
     error::{DbErr, RuntimeErr, SqlxError},
@@ -117,8 +116,8 @@ impl<C, B, K> OrbitDatabase<C, B, K>
 where
     K: Secrets,
 {
-    pub async fn stage_key(&self, orbit: &OrbitId) -> Result<PublicKey, K::Error> {
-        self.secrets.stage_keypair(orbit).await
+    pub async fn stage_key(&self, orbit: &OrbitId) -> Result<String, K::Error> {
+        self.secrets.stage_keypair(orbit).await.map(get_did_key)
     }
 }
 
diff --git a/kepler-core/src/keys.rs b/kepler-core/src/keys.rs
index 31697e3a..3efe05c0 100644
--- a/kepler-core/src/keys.rs
+++ b/kepler-core/src/keys.rs
@@ -2,16 +2,29 @@ use kepler_lib::{
     libipld::cid::multihash::{Blake3_256, Hasher},
     resource::OrbitId,
 };
-use libp2p::{
-    identity::{
-        ed25519::{Keypair as EdKP, SecretKey},
-        DecodingError, Keypair, PublicKey,
-    },
-    PeerId,
+use libp2p::identity::{
+    ed25519::{Keypair as EdKP, SecretKey},
+    DecodingError,
 };
 use sea_orm_migration::async_trait::async_trait;
 use std::error::Error as StdError;
 
+pub use libp2p::{
+    identity::{Keypair, PublicKey},
+    PeerId,
+};
+
+pub(crate) fn get_did_key(key: PublicKey) -> String {
+    use kepler_lib::libipld::cid::multibase;
+    // only ed25519 feature is enabled, so this unwrap should never fail
+    let ed25519_pk_bytes = key.try_into_ed25519().unwrap().to_bytes();
+    let multicodec_pk = [[0xed].as_slice(), ed25519_pk_bytes.as_slice()].concat();
+    format!(
+        "did:key:{}",
+        multibase::encode(multibase::Base::Base58Btc, multicodec_pk)
+    )
+}
+
 #[async_trait]
 pub trait Secrets {
     type Error: StdError;
diff --git a/src/routes/mod.rs b/src/routes/mod.rs
index 53d46743..5aa4f12f 100644
--- a/src/routes/mod.rs
+++ b/src/routes/mod.rs
@@ -35,7 +35,7 @@ pub async fn open_host_key(
     s: &State<Kepler>,
     orbit: &str,
 ) -> Result<String, (Status, &'static str)> {
-    Ok(s.stage_key(
+    s.stage_key(
         &orbit
             .parse()
             .map_err(|_| (Status::BadRequest, "Invalid orbit ID"))?,
@@ -46,9 +46,7 @@ pub async fn open_host_key(
             Status::InternalServerError,
             "Failed to stage keypair for orbit",
         )
-    })?
-    .to_peer_id()
-    .to_base58())
+    })
 }
 
 #[post("/delegate")]