  • Stars: 3,586
  • Rank: 12,362 (Top 0.3 %)
  • Language: Go
  • License: Apache License 2.0
  • Created over 6 years ago
  • Updated 3 months ago

Repository Details

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

Step CLI

step is an easy-to-use CLI tool for building, operating, and automating Public Key Infrastructure (PKI) systems and workflows. It's the client counterpart to the step-ca online Certificate Authority (CA). You can use it for many common crypto and X.509 operations—either independently, or with an online CA.

Questions? Ask us on GitHub Discussions or Discord.

Features

Step CLI's command groups illustrate its wide-ranging uses:

  • step certificate: Work with X.509 (TLS/HTTPS) certificates.

    • Create, revoke, validate, lint, and bundle X.509 certificates.
    • Install (and remove) X.509 certificates into your system's (and browser's) trust store.
    • Validate certificate deployment and renewal status for automation
    • Create key pairs (RSA, ECDSA, EdDSA) and certificate signing requests (CSRs)
    • Sign CSRs
    • Create RFC5280 and CA/Browser Forum-compliant certificates that work for TLS and HTTPS
    • Create CA certificates (root and intermediate signing certificates)
    • Create self-signed & CA-signed certificates
    • Inspect and lint certificates on disk or in use by a remote server
    • Install root certificates so your CA is trusted by default (issue development certificates that work in browsers)
  • step ca: Administer and use a step-ca server, or any ACMEv2 (RFC8555) compliant CA server. ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS certificates.

  • step crypto: A general-purpose crypto toolkit

  • step oauth: Add an OAuth 2.0 single sign-on flow to any CLI application.

    • Supports OAuth authorization code, out-of-band (OOB), JWT bearer, and refresh token flows
    • Get OAuth access tokens and OIDC identity tokens at the command line from any provider.
    • Verify OIDC identity tokens (step crypto jwt verify)
  • step ssh: Create and manage SSH certificates (requires an online or offline step-ca instance)

    • Generate SSH user and host key pairs and short-lived certificates
    • Add and remove certificates to the SSH agent
    • Inspect SSH certificates
    • Login and use single sign-on SSH

Installation

See our installation docs here.

Example

Here's a quick example, combining step oauth and step crypto to get and verify the signature of a Google OAuth OIDC token:

[Image: animated terminal showing step in practice]

More Repositories

1. certificates (Go, 6,457 stars): 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
2. autocert (Go, 687 stars): ⚓ A Kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers
3. step-issuer (Go, 194 stars): ⚙️ A certificate issuer for cert-manager using step certificates CA
4. truststore (Go, 96 stars): Package to locally install development certificates
5. hello-mtls (JavaScript, 89 stars): 👋 Docs demonstrating mutual TLS configurations in various technologies
6. crypto (Go, 71 stars): Crypto is a collection of packages used by Smallstep products
7. step-sds (Go, 68 stars): 🔭 Secret discovery service (SDS): simplifying certificate management for relying parties (such as Envoy)
8. helm-charts (Shell, 45 stars): Helm packages for Kubernetes
9. step-kms-plugin (Go, 45 stars): 🔐 step plugin to manage keys and certificates on cloud KMSs and HSMs
10. docker-tls (Shell, 45 stars): TLS Certificate Management solutions for common Docker services. Including ACME enrollment, renewal, and reloading. Works with smallstep/certificates.
11. step-ssh-example (Shell, 43 stars): An example of how to leverage `step ssh` to achieve Single Sign-On for SSH
12. nosql (Go, 20 stars): NoSQL is an abstraction layer for data persistency
13. scep (Go, 17 stars): Go SCEP server
14. docs (MDX, 15 stars): 📖 Documentation for Smallstep open source tools and products served at https://smallstep.com/docs
15. pkcs11-key-wrap (Go, 13 stars): 🔐 Wrap keys from HSM using CKM_RSA_AES_KEY_WRAP step by step
16. clients (Python, 13 stars): Various client examples for getting TLS certificates from a Smallstep CA server
17. mongo-tls (Shell, 12 stars): Complete setups for MongoDB single-node TLS, cluster TLS, and X.509 user authentication, using the step-ca online Certificate Authority.
18. docs-old (11 stars): DO NOT USE. See: https://github.com/smallstep/docs
19. cli-utils (Go, 10 stars): Common code between step and step-ca
20. step-aws-emojivoto (Puppet, 7 stars): Self-service proof of concept securing microservices with step on AWS
21. logging (Go, 7 stars): Log with confidence
22. homebrew-smallstep (Ruby, 7 stars): Formulas for building and installing packages via Homebrew
23. webhooks (Go, 6 stars): Example server implementation for step-ca webhooks
24. terraform-provider-smallstep (Go, 6 stars)
25. butane-smallstep-acme-ra (Jinja, 5 stars): Butane smallstep ACME RA for Fedora CoreOS
26. scoop-bucket (4 stars): 🪣 Scoop bucket for Smallstep open source projects
27. ansible-collection-sigstore (Python, 4 stars): An Ansible collection for using Sigstore to verify file signatures
28. action-install-step-cli (3 stars): A GitHub Action to install step CLI on Linux and macOS.
29. linkedca (Go, 3 stars): 🤵‍♂️ Support for Linked CAs using protocol buffers and gRPC
30. qb (Go, 3 stars): Just a simple SQL query builder
31. ansible-collection-agent (Python, 2 stars): An Ansible Collection for installing the smallstep agent
32. action-smallstep-ca-bootstrap (2 stars): A GitHub Action to bootstrap your CA on your GitHub Action runs with step CLI
33. go-grpc-example (Go, 2 stars): An example of using TLS with gRPC in Go
34. tls-probe (Shell, 2 stars)
35. docker-ca-trust (2 stars): Dockerfiles that bootstrap with an internal X.509 Certificate Authority
36. run-anywhere-terraform (Python, 2 stars): Terraform modules to set up the base resources required by a run anywhere on-premise installation.
37. smallstep-python (Python, 2 stars): A Python client library for the Smallstep API
38. ansible-collection-cli (2 stars): An Ansible collection for installing step CLI
39. aur-step-ca-bin (Shell, 1 star)
40. workflows (1 star)
41. sshutil (Go, 1 star): 🤫 🧱 a not-so-secret SSH client & server utility module.
42. smallstep-desktop (1 star)
43. step-agent-plugin (1 star)
44. assert (Go, 1 star): A simple assertion framework for Go
45. analyze-step-ca-db (Go, 1 star): Unofficial helpers for analyzing the step-ca database
46. aur-step-cli-bin (Shell, 1 star)
47. sequel (Go, 1 star)