Disambiguating step by step

There are a lot of step related names and commands floating around these docs, step, step ca, step-ca and step certificates to name a few. This is an attempt to provide some guidance on what is what.

  • step is a command line security utility for working with standards like X.509, JWT, and OAuth. It’s an easy-to-use openssl replacement for many common use cases. It also does some things that openssl and similar tools can’t. Apropos of the current discusion, step integrates with the step-ca API to streamline certificate management workflows, making automation even easier.

  • step ca subcommands integrate with the step-ca API.

  • step certificates extends step, adding a certificate authority (step-ca) and subcommands to make secure automated certificate management easy. step certificates has two core components:

    • The step-ca binary is a certificate authority (CA) service that you run yourself.
    • The certificate authority exposes a JSON/HTTPS API for automating certificate management (certificate signing/issuance, renewal, and revocation).