Inventories are catalogs or lists of entities like hosts, services, locations, or people. Inventories provide a secure mapping between details that are available from the credential used to request a certificate and additional metadata that needs to be bound in the issued certificate. You can use Inventories along with other Smallstep Platform components to:

  • Customize Certificates - An inventory can map the hostname of a VM to the name of a workload running on that VM, or map an email address to a POSIX username. In both cases, the name in the authentication credential used to request a certificate does not match the name that should be in the issued certificate.
  • Authorize Certificate Requests - Inventory metadata can also be used to authorize a certificate request. For example, certificate issuance via the OIDC provisioner can be restricted to a particular subdomain based on group membership information maintained in a user inventory.
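
The two uses above can be sketched together. This is an added example, not Smallstep code or its API: the inventory records, the group-to-subdomain policy and every function name are hypothetical and constructed here. It looks up a verified OIDC email in a user inventory, authorizes the requested DNS names against the subdomains the user's groups permit, and returns the POSIX username from the inventory as the name to bind in the certificate.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample inventory, keyed by the email asserted in the OIDC token.
USER_INVENTORY = {
    "alice@example.com": {"posix_user": "alice", "groups": {"payments"}},
    "bob@example.com": {"posix_user": "bsmith", "groups": {"web"}},
}
# Hypothetical policy: the subdomain each group may request names under.
GROUP_SUBDOMAINS = {
    "payments": "payments.internal.example.com",
    "web": "web.internal.example.com",
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    principal: str | None  # name to bind in the certificate, from the inventory
    reason: str

def under(name: str, suffix: str) -> bool:
    """True if name equals suffix or is a label-aligned child of it."""
    name, suffix = name.lower().rstrip("."), suffix.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)

def evaluate(claims: dict, requested_dns: list[str]) -> Decision:
    # Only an email the identity provider has verified is used as a lookup key.
    if not claims.get("email_verified"):
        return Decision(False, None, "email not verified")
    record = USER_INVENTORY.get(str(claims.get("email") or "").lower())
    if record is None:  # fail closed: identities missing from the inventory get nothing
        return Decision(False, None, "identity not in inventory")
    if not requested_dns:
        return Decision(False, None, "no names requested")
    permitted = [GROUP_SUBDOMAINS[g] for g in record["groups"] if g in GROUP_SUBDOMAINS]
    for name in requested_dns:
        # Wildcards are refused; a plain substring match would wrongly accept
        # "evilpayments.internal.example.com", so compare on label boundaries.
        if "*" in name or not any(under(name, s) for s in permitted):
            return Decision(False, None, f"{name} is outside the permitted subdomains")
    # The credential names an email; the certificate gets the inventory's POSIX name.
    return Decision(True, record["posix_user"], "ok")

if __name__ == "__main__":
    alice = {"email": "alice@example.com", "email_verified": True}
    print(evaluate(alice, ["api.payments.internal.example.com"]))
    print(evaluate(alice, ["api.web.internal.example.com"]))
```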

Inventories are an upcoming feature of the commercial Smallstep Certificate Manager offering.