The command-line interface for all things smallstep & a swiss-army knife for day-to-day production identity operations

step is an Open Source command-line tool for developers, operators, and security professionals to configure, operate, and automate the smallstep toolchain and open standard identity technologies.

Install Now

brew install step
Install on another platform >

Open sourced on GitHub:

Star Watch Fork

Why people love step

Easy to use, hard to misuse

Safe defaults everywhere encourage best practices by making the right thing easy. Insecure or subtle operations are gated with flags to prevent accidental misuse.

Help that’s actually helpful

Run step help on any subcommand to find thorough documentation, examples, and in-depth discussion of relevant security, architectural, and operational considerations.

Friendly workflows

Thoughtfully designed to be intuitive, get the job done, and get out of the way. With step, complex security operations become simple and obvious.

A Few Things You Can Do With step

Get an OAuth access token or OpenID Connect identity token to access APIs

Get an OAuth access token or OpenID Connect identity token to access APIs

Get an OAuth access token or OpenID Connect identity token to access APIs

Get an OAuth access token or OpenID Connect identity token to access APIs
Get TLS certificates from step-ca

Get TLS certificates from step-ca

Inspect and lint X.509 certificates

Inspect and lint X.509 certificates

Inspect and lint X.509 certificates

Inspect and lint X.509 certificates
Install root certificates and issue locally-trusted development & enterprise certificates

Install root certificates and issue locally-trusted development & enterprise certificates

Verify and inspect JWTs

Verify and inspect JWTs

Verify and inspect JWTs

Verify and inspect JWTs

What’s Included

Everything you need to work with certificates, tokens, JOSE structures (JWT, JWK, JWE, JWS), and common cryptography primitives.

X.509 Certificates for TLS & HTTPS

X.509 Certificates for TLS & HTTPS

Streamlined integration with smallstep’s online certificate authority for easy automated certificate management plus low-level tools for ad-hoc creation, inspection, distribution, installation, and validation of X.509 certificates.

X.509 Certificates for TLS & HTTPS

Streamlined integration with smallstep’s online certificate authority for easy automated certificate management plus low-level tools for ad-hoc creation, inspection, distribution, installation, and validation of X.509 certificates.

X.509 Certificates for TLS & HTTPS
JOSE (JWT and friends)

JOSE (JWT and friends)

Work with JSON Object Signing and Encryption (JOSE) data structures: create a JWK; sign, verify, and inspect JWTs & JWS; encrypt and decrypt using JWE.

OAuth OIDC & MFA

OAuth OIDC & MFA

Get OAuth access tokens and OpenID Connect (OIDC) identity tokens at the command line. Generate and validate TOTP tokens. Integrate with U2F/UAF security tokens (coming soon).

OAuth OIDC & MFA

Get OAuth access tokens and OpenID Connect (OIDC) identity tokens at the command line. Generate and validate TOTP tokens. Integrate with U2F/UAF security tokens (coming soon).

OAuth OIDC & MFA
SSH Single Sign-On coming soon

SSH Single Sign-On coming soon

Manage SSH access using an existing OAuth OIDC identity provider like Okta, GSuite, or Active Directory. Simplify SSH access management and improve security without changing how you use SSH.

Everything you need to work with certificates, tokens, single sign-on, JOSE structures (JWT, JWK, JWE, JWS), and common cryptography primitives.

Join the community

  1. Read the docs
  2. Releases
  3. step CLI on github
  4. Join our discussion forum
brew install step
Install on another platform >