Integrations

step-ca integrates with a number of different protocols and platforms. Many of these integrations are native to step-ca (like support for ACME and OIDC), while others require additional tools from the smallstep library (e.g. autocert).

This document lists, briefly describes, and links to documentation for all step-ca integrations.

ACME

Both step and step-ca are natively integrated with the ACME protocol. step can be used to request ACME certificates from any ACME server, while step-ca is a fully functional private ACME server that works with all popular ACME clients.

OIDC

Both step and step-ca natively support working with and issuing credentials in exchange for OIDC tokens.

Learn more about how to configure an OIDC provisioner.

Cloud Key Management Service

Cloud Key Management Services (Cloud KMS) allow users to store cryptographic keys and sign certificates using cloud storage and APIs.

Google Cloud KMS and Amazon AWS KMS are currently supported. An experimental version for YubiKey PIV is also available.

Learn more about how to configure Cloud KMS.

Cloud Instance Identity

Cloud Instance Identity Documents (IIDs) are cryptographically signed blobs of information about a host that are often used by workloads to authenticate one another across one's infrastructure.

Both step and step-ca natively support working with and issuing credentials in exchange for IIDs from AWS, GCP, and Azure.

Kubernetes: autocert

autocert is a kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers.

Learn more about how to install and configure autocert.

Envoy Secret Discovery Service (SDS): step-sds

step-sds implements the server-side API of Envoy SDS, which pushes certificates to the client. Both mTLS and Unix Domain Socket configurations are supported.

Learn more about how to install and configure step-sds.

YubiKey PIV

Want to store your CA locally on a YubiKey? Experimental support for YubiKey's PIV application is available. Learn more.

Subscribe

Unsubscribe anytime. See our privacy policy.