Integrations

step-ca integrates with a number of different protocols and platforms. Many of these integrations are native to step-ca (like support for ACME and OIDC), while others require additional tools from the smallstep library (e.g. autocert).

This document lists, briefly describes, and links to documentation for all step-ca integrations.

Protocols and Platforms

ACME

Both step and step-ca are natively integrated with the ACME protocol. step can be used to request ACME certificates from any ACME server, while step-ca is a fully functional private ACME server that works with all popular ACME clients.

OIDC

Both step and step-ca natively support working with and issuing credentials in exchange for OIDC tokens.

Learn more about how to configure an OIDC provisioner.

Cloud Instance Identity

Cloud Instance Identity Documents (IIDs) are cryptographically signed blobs of information about a host that are often used by workloads to authenticate one another across one's infrastructure.

Both step and step-ca natively support working with and issuing credentials in exchange for IIDs from AWS, GCP, and Azure.

Kubernetes

autocert is our Kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers. Learn more about how to install and configure autocert.

Alternatively, if you already use cert-manager, you can configure it to trust step-ca for use with ACME.

Envoy Secret Discovery Service (SDS)

step-sds implements the server-side API of Envoy SDS, which pushes certificates to the client. Both mTLS and Unix Domain Socket configurations are supported.

Learn more about how to install and configure step-sds.

Cryptographic Protection

Cloud Key Management Service

Cloud Key Management Services (Cloud KMS) allow users to store cryptographic keys and sign certificates using cloud storage and APIs.

Google Cloud KMS and Amazon AWS KMS are currently supported.

Learn more about how to configure Cloud KMS.

YubiKey PIV

Want to store your CA locally on a YubiKey? step-ca supports the YubiKey PIV application. Learn more.

PKCS#11 HSMs

step-ca supports PKCS#11 hardware security modules (HSMs). Learn more.
