The command-line interface for all things smallstep & a swiss-army knife for day-to-day production identity operations

step is an Open Source command-line tool for developers, operators, and security professionals to configure, operate, and automate the smallstep toolchain and open standard identity technologies.

Install Now

Open sourced on GitHub:

Star Watch Fork

Why people love step

A Few Things You Can Do With step

Get an OAuth access token or OpenID Connect identity token to access APIs

Get an OAuth access token or OpenID Connect identity token to access APIs

Get an OAuth access token or OpenID Connect identity token to access APIs

Get an OAuth access token or OpenID Connect identity token to access APIs
Get TLS certificates from step-ca

Get TLS certificates from step-ca

Inspect and lint X.509 certificates

Inspect and lint X.509 certificates

Inspect and lint X.509 certificates

Inspect and lint X.509 certificates
Install root certificates and issue locally-trusted development & enterprise certificates

Install root certificates and issue locally-trusted development & enterprise certificates

Verify and inspect JWTs

Verify and inspect JWTs

Verify and inspect JWTs

Verify and inspect JWTs

What’s Included

Everything you need to work with certificates, tokens, JOSE structures (JWT, JWK, JWE, JWS), and common cryptography primitives.

X.509 Certificates for TLS & HTTPS

X.509 Certificates for TLS & HTTPS

Streamlined integration with smallstep’s online certificate authority for easy automated certificate management plus low-level tools for ad-hoc creation, inspection, distribution, installation, and validation of X.509 certificates.

X.509 Certificates for TLS & HTTPS

Streamlined integration with smallstep’s online certificate authority for easy automated certificate management plus low-level tools for ad-hoc creation, inspection, distribution, installation, and validation of X.509 certificates.

X.509 Certificates for TLS & HTTPS
JOSE (JWT and friends)

JOSE (JWT and friends)

Work with JSON Object Signing and Encryption (JOSE) data structures: create a JWK; sign, verify, and inspect JWTs & JWS; encrypt and decrypt using JWE.

OAuth OIDC & MFA

OAuth OIDC & MFA

Get OAuth access tokens and OpenID Connect (OIDC) identity tokens at the command line. Generate and validate TOTP tokens. Integrate with U2F/UAF security tokens (coming soon).

OAuth OIDC & MFA

Get OAuth access tokens and OpenID Connect (OIDC) identity tokens at the command line. Generate and validate TOTP tokens. Integrate with U2F/UAF security tokens (coming soon).

OAuth OIDC & MFA
SSH Single Sign-On coming soon

SSH Single Sign-On coming soon

Manage SSH access using an existing OAuth OIDC identity provider like Okta, GSuite, or Active Directory. Simplify SSH access management and improve security without changing how you use SSH.

Everything you need to work with certificates, tokens, single sign-on, JOSE structures (JWT, JWK, JWE, JWS), and common cryptography primitives.