carl

How to Handle Secrets on the Command Line
How to keep secret credentials safe on the command line.
How to use step-ca with Hardware Security Modules (HSMs)
How to use a PKCS #11 HSM with step-ca to protect your private keys
Build a Tiny Certificate Authority For Your Homelab
Let’s make a tiny, standalone CA! We’ll use a Raspberry Pi 4, YubiKey 5 NFC, and Infinite Noise TRNG.
The Embarrassing State of Enterprise ACME Support
ACME is a great protocol for internal certificate management, but enterprise software is not yet ready.
Clever Uses of SSH Certificate Templates

Clever Uses of SSH Certificate Templates

By: Carl Tashian

We added SSH certificate templates to step-ca, and it opened up some unexpected opportunities.
Introducing Smallstep ACME RA: Automating internal TLS with ACME + Google CAS
We’re excited to announce our new HSM-backed cloud ACME server, the Smallstep ACME Registration Authority for Google CA Services.
Announcing X.509 Certificate Flexibility

Announcing X.509 Certificate Flexibility

By: Carl Tashian

We’ve added X.509 certificate templates to Step Certificates
DIY SSH Bastion Host

DIY SSH Bastion Host

By: Carl Tashian

How to create and deploy a simple and minimal bastion host on Ubuntu 20.04 LTS.
SSH Emergency Access

SSH Emergency Access

By: Carl Tashian

Learn how to prepare for emergency access to your SSH hosts.
The Poetics of CLI Command Names

The Poetics of CLI Command Names

By: Carl Tashian

Naming a CLI command requires deep and careful deliberation.
SSH Agent Explained

SSH Agent Explained

By: Carl Tashian

The SSH agent acts behind the scenes to keep you safe. Here’s how it works.
SSH Tips & Tricks

SSH Tips & Tricks

By: Carl Tashian

A few of our favorite SSH tricks and tips sure to improve your daily experience.
DIY Single Sign-On for SSH

DIY Single Sign-On for SSH

By: Carl Tashian

Let’s set up Google SSO for SSH! We’ll use OpenID Connect (OIDC), SSH certificates, a clever SSH configuration tweak, and Smallstep’s open source packages.