
Announcing v0.12.0 of step and step-ca

Max Furman

Version 0.12.0 of step and step-ca is now available. You can get it using brew install step (or brew upgrade step) on macOS or grab release artifacts for step and step-ca from GitHub.

The big headline feature for this release is the ability to create SSH user and host certificates, allowing you to streamline your SSH infrastructure and processes. No more editing Authorized Keys files for every change in membership and especially no more warnings about “remote host identification changes” which you're just going to ignore anyways (or is that just me?). This feature is covered in detail in its own blog post. In addition we've made another small improvement described below.

Remove password encryption from private keys

It is good hygiene to store private keys in encrypted format, so that they cannot be casually read from disk. However, many types of software and clients require that a private key be unencrypted. In general step tries to err on the side of caution; most of the time when step is creating and serializing a private key you will get prompted for a passphrase. step had a facility for changing the encryption passphrase on a key (step crypto change-pass), but it did not have the ability to remove encryption from a key and then serialize the unencrypted key to disk. So we've added that feature! Here's how it works:

step crypto change-pass my-secret.priv --no-password --insecure

Storing unencrypted private keys on disk is insecure, hence step asks you to confirm your intention using the --insecure flag. If you decide to re-encrypt your private key later, you can also use the change-pass subcommand to make that change.
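
To keep track of keys that have had their passphrase removed, the sketch below classifies PEM private key files by their encryption markers and flags unencrypted ones that are accessible beyond their owner. It is an added example, not part of step or of the original post; the function names (key_state, owner_only, audit_key, make_samples) are hypothetical and the sample files are constructed headers with no real key material.

```shell
#!/bin/sh
# key_state FILE: prints encrypted | unencrypted | unknown | not-a-key
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted          # PKCS#8 or legacy PEM encryption markers
    elif grep -q -e '-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        echo unknown            # OpenSSH format keeps the cipher inside the body
    elif grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo not-a-key
    fi
}

# owner_only FILE: succeeds when group and other have no permission bits set
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE (hypothetical helper): prints a verdict; fails only for an
# unencrypted key that is accessible beyond its owner
audit_key() {
    state=$(key_state "$1")
    if [ "$state" = unencrypted ] && ! owner_only "$1"; then
        echo "$1: unencrypted, mode too open"
        return 1
    fi
    echo "$1: $state"
}

# Constructed sample files (headers only, no real key material).
make_samples() {
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00' '' 'AAAA' '-----END EC PRIVATE KEY-----' > "$1/enc.priv"
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'AAAA' \
        '-----END EC PRIVATE KEY-----' > "$1/plain.priv"
    chmod 644 "$1/plain.priv"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_key "$demo_dir/enc.priv"
audit_key "$demo_dir/plain.priv" || chmod 600 "$demo_dir/plain.priv"
audit_key "$demo_dir/plain.priv"
rm -rf "$demo_dir"
```

The second call reports the world-readable plaintext key, and the third passes once the mode is tightened to 600.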

Unreleased stuff you might want to preview

If you're using Kubernetes and haven't checked out autocert yet, you should. We're also working on a cert-manager integration for step-ca and an Envoy SDS integration.

That's it, for now…


Issues & PRs always welcome. Or join us on gitter and help us build v0.13.0!
