cli

module
v0.27.3-rc5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 23, 2024 License: Apache-2.0

README

Step CLI

GitHub release Go Report Card Build Status License CLA assistant

GitHub stars Twitter followers

step is an easy-to-use CLI tool for building, operating, and automating Public Key Infrastructure (PKI) systems and workflows. It's the client counterpart to the step-ca online Certificate Authority (CA). You can use it for many common crypto and X.509 operations—either independently, or with an online CA.

Questions? Ask us on GitHub Discussions or Discord.

Website | Documentation | Installation | Basic Crypto Operations | Contributor's Guide

Features

Step CLI's command groups illustrate its wide-ranging uses:

  • step certificate: Work with X.509 (TLS/HTTPS) certificates.

    • Create, revoke, validate, lint, and bundle X.509 certificates.
    • Install (and remove) X.509 certificates into your system's (and browser's) trust store.
    • Validate certificate deployment and renewal status for automation
    • Create key pairs (RSA, ECDSA, EdDSA) and certificate signing requests (CSRs)
    • Sign CSRs
    • Create RFC5280 and CA/Browser Forum-compliant certificates that work for TLS and HTTPS
    • Create CA certificates (root and intermediate signing certificates)
    • Create self-signed & CA-signed certificates
    • Inspect and lint certificates on disk or in use by a remote server
    • Install root certificates so your CA is trusted by default (issue development certificates that work in browsers)
  • step ca: Administer and use a step-ca server, or any ACMEv2 (RFC8555) compliant CA server. ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS certificates.

  • step crypto: A general-purpose crypto toolkit

  • step oauth: Add an OAuth 2.0 single sign-on flow to any CLI application.

    • Supports OAuth authorization code, out-of-band (OOB), JWT bearer, and refresh token flows
    • Get OAuth access tokens and OIDC identity tokens at the command line from any provider.
    • Verify OIDC identity tokens (step crypto jwt verify)
  • step ssh: Create and manage SSH certificates (requires an online or offline step-ca instance)

    • Generate SSH user and host key pairs and short-lived certificates
    • Add and remove certificates to the SSH agent
    • Inspect SSH certificates
    • Login and use single sign-on SSH

Installation

See our installation docs here.

Example

Here's a quick example, combining step oauth and step crypto to get and verify the signature of a Google OAuth OIDC token:

Animated terminal showing step in practice

Community

Further Reading

Directories

Path Synopsis
cmd
command
api
ca
crl
ssh
internal
kdf
pkg
bcrypt_pbkdf
Package bcrypt_pbkdf implements password-based key derivation function based on bcrypt compatible with bcrypt_pbkdf(3) from OpenBSD.
Package bcrypt_pbkdf implements password-based key derivation function based on bcrypt compatible with bcrypt_pbkdf(3) from OpenBSD.
internal/utfbom
Package utfbom implements the detection of the BOM (Unicode Byte Order Mark) and removing as necessary.
Package utfbom implements the detection of the BOM (Unicode Byte Order Mark) and removing as necessary.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL