step-ca integrates with a number of different protocols and platforms. Many of these integrations are native to step-ca (like support for ACME and OIDC), while others require additional tools from the smallstep library (e.g. autocert).
This document lists, briefly describes, and links to documentation for all step-ca integrations.
Both step and step-ca are natively integrated with the ACME protocol. step can be used to request ACME certificates from any ACME server, while step-ca is a fully functional private ACME server that works with all popular ACME clients.
Learn more about how to set up your own private ACME server and configure popular ACME clients to use that server.
Both step and step-ca natively support working with and issuing credentials in exchange for OIDC tokens.
Learn more about how to configure an OIDC provisioner.
Cloud Key Management Services (Cloud KMS) allow users to store cryptographic keys and sign certificates using cloud storage and APIs.
Google Cloud KMS and Amazon AWS KMS are currently supported. An experimental version for YubiKey PIV is also available.
Learn more about how to configure Cloud KMS.
Cloud Instance Identity Documents (IIDs) are cryptographically signed blobs of information about a host that are often used by workloads to authenticate one another across one's infrastructure.
Both step and step-ca natively support working with and issuing credentials in exchange for IIDs from AWS, GCP, and Azure.
Learn more about how to configure a cloud identity document provisioner.
autocert is a Kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers.
Learn more about how to install and configure autocert.
step-sds implements the server-side API of Envoy SDS, which pushes certificates to the client. Both mTLS and Unix Domain Socket configurations are supported.
Learn more about how to install and configure step-sds.
Want to store your CA locally on a YubiKey? Experimental support for YubiKey's PIV application is available. Learn more.