NAME

step ca provisioner remove – remove one, or more, provisioners from the CA configuration

USAGE

step ca provisioner remove name [–kid=kid] [–config=file] [–all]

DESCRIPTION

step ca provisioner remove removes one or more provisioners from the configuration and writes the new configuration back to the CA config.

POSITIONAL ARGUMENTS

name
The name field of the provisioner(s) to be removed.

OPTIONS

–ca-config=file
The file containing the CA configuration.
–kid=kid
The kid (Key ID) of the JWK provisioner key to be removed.
–client-id=id
The id (Client ID) of the OIDC provisioner to be removed.
–all
Remove all provisioners with a given name. Cannot be used in combination w/ the –kid or –client-id flag.
–type=type

The type of provisioner to remove. Type is a case-insensitive string and must be one of: JWK

Uses an JWK key pair to sign bootstrap tokens.
OIDC
Uses an OpenID Connect provider to sign bootstrap tokens.
AWS
Uses Amazon AWS instance identity documents.
GCP
Use Google instance identity tokens.
Azure
Uses Microsoft Azure identity tokens.
ACME
Uses ACME protocol.

EXAMPLES

Remove all provisioners associated with a given name (max@smallstep.com):

$ step ca provisioner remove max@smallstep.com --all --ca-config ca.json

Remove the provisioner matching a given name and kid:

$ step ca provisioner remove max@smallstep. --kid 1234 --ca-config ca.json

Remove the provisioner matching a given name and a client id:

$ step ca provisioner remove Google --ca-config ca.json \
  --client-id 1087160488420-8qt7bavg3qesdhs6it824mhnfgcfe8il.apps.googleusercontent.com

Remove the cloud identity provisioner given name and a type:

$ step ca provisioner remove Amazon --ca-config ca.json --type AWS

Remove the ACME provisioner by name:

$ step ca provisioner remove Amazon --ca-config ca.json --type AWS