Manage, configure, and inspect all of your certificate authority provisioners in one place

Linda Ikechukwu

Follow Smallstep

To effectively use the Smallstep platform and open-source tools to issue and manage certificates, it's essential to have a faint understanding of provisioners. 'Provisioners' are a proprietary term within the Smallstep ecosystem and are crucial to how the Smallstep Platform works.

Different types of entities (An entity is anything that exists logically or conceptually) within your organization will require certificates. For example, you might need to provide certificates for developers, internal websites, Kubernetes ingresses, and more. Provisioners are endpoints on a Smallstep certificate authority that:

1. Authenticate the identity and eligibility of entities to obtain certificates from a Smallstep CA.
2. Ensure certificates are configured correctly based on the entity for which the certificate is intended.

So you can have a single CA that issues certificates and several provisioners that implement different certificate issuance methods to support different workflows and entities under that CA.

Think of it like obtaining identity documents for a car, pet, or yourself. The same government oversees these identity documents, but you must visit different organizations within the same government to obtain them. The driving license organization does not issue national identification cards or passports. The same goes for certificates—while you might use a single CA to issue all of your certificates, depending on what you want to use the certificate to identify or what kind of workflow you want to implement, you must go through a corresponding provisioner with the capacity to do so.

If you want to learn more about provisioners on the Smallstep platform, watch this video—our Developer Advocate, Linda Ikechukwu, explains more about how to add, edit, delete, and manage provisioners on your authority.