step is a toolkit for working with your public key infrastructure (PKI).
It's also the client counterpart to the
step-ca online Certificate Authority (CA).
Here's a quick example, combining
step oauth and
step crypto to get and verify the signature of a Google OAuth OIDC token:
Questions? Ask us on GitHub Discussions.
Step CLI's command groups illustrate some of its uses:
step certificate: Work with X.509 (TLS/HTTPS) certificates.
- Create, revoke, validate, lint, and bundle X.509 certificates.
- Install (and remove) X.509 certificates into your system's (and brower's) trust store.
- Create key pairs (RSA, ECDSA, EdDSA) and certificate signing requests (CSRs)
- Sign CSRs
- Create RFC5280 and CA/Browser Forum-compliant certificates that work for TLS and HTTPS
- Create CA certificates (root and intermediate signing certificates)
- Create self-signed & CA-signed certificates
- Inspect and lint certificates on disk or in use by a remote server
- Install root certificates so your CA is trusted by default (issue development certificates that work in browsers)
step crypto: A general-purpose crypto toolkit
- Work with JWTs (RFC7519) and other JOSE constructs
- Generate and verify TOTP tokens for multi-factor authentication (MFA)
- Work with NaCl's high-speed tools for encryption and signing
- Apply key derivation functions (KDFs) and verify passwords using
- Generate and check file hashes
step oauth: Add an OAuth 2.0 single sign-on flow to any CLI application.
- Supports OAuth authorization code, out-of-band (OOB), JWT bearer, and refresh token flows
- Get OAuth access tokens and OIDC identity tokens at the command line from any provider.
- Verify OIDC identity tokens (
step crypto jwt verify)
- Generate SSH user and host key pairs and short-lived certificates
- Add and remove certificates to the SSH agent
- Inspect SSH certificates
- Login and use single sign-on SSH
See our installation docs here.
- Connect with
stepusers on GitHub Discussions
- Open an issue and tell us what features you'd like to see
- Follow Smallstep on Twitter