The step toolchain

There are a lot of step-related names floating around in these docs: step, step ca, step-ca, and step certificates, to name a few.

These names refer to different parts of the step toolchain — a suite of composable tools and infrastructure components that work together to address a variety of use cases. The step toolchain is standards-based and mostly open source.

Currently, there are two core step toolchain components, step and step-ca:

  • step is the command-line interface (CLI) for all things smallstep, and a Swiss Army knife for day-to-day production identity operations. It’s an easy-to-use openssl replacement for working with standards like X.509, JWT, and OAuth. It’s also used to configure, operate, and automate other step toolchain components. step’s functionality is organized in a hierarchy of command groups, with subcommands like step crypto jwt inspect and step ca init.
  • step-ca is a certificate authority (CA) that you can run yourself and that exposes a JSON/HTTPS API for automated certificate management. step integrates with step-ca via the step ca command group to streamline certificate management workflows, making automation even easier. For instance, you can use step ca certificate to get a certificate from step-ca.

Step certificates refers to step-ca, the step ca command group, and other certificate-related extensions and integrations (e.g., step-sds and autocert).

In general, anything highlighted as code — like step, step-ca, and step ca certificate — refers to a program name or a subcommand that you can type into the command line. Italicized phrases like step certificates and autocert refer to larger projects and products that compose, extend, and integrate parts of the step toolchain to solve a specific problem.