Inventories are catalogs or lists of entities like hosts, services, locations, or people. Inventories provide a secure mapping between details that are available from the credential used to request a certificate and additional metadata that needs to be bound in the issued certificate. You can use Inventories along with other Smallstep Platform components to:

  • Customize Certificates - An inventory can map the hostname of a VM to the name of a workload running on that VM, or map an email address to a POSIX username. In both cases, the name in the authentication credential used to request a certificate does not match the name that should be in the issued certificate.
  • Authorize Certificate Requests - Inventory metadata can also be used to authorize a certificate request. For example, certificate issuance via the OIDC provisioner can be restricted to a particular subdomain based on group membership information maintained in a user inventory.

Learn More

Inventories are a feature of the commercial Smallstep Certificate Manager offering. Available in 1H 2021.

Subscribe to updates

Unsubscribe anytime. See our privacy policy.