{"id":13461382,"url":"https://github.com/smallstep/cli","last_synced_at":"2026-04-02T00:10:56.878Z","repository":{"id":37334666,"uuid":"141352703","full_name":"smallstep/cli","owner":"smallstep","description":"🧰  A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.","archived":false,"fork":false,"pushed_at":"2026-03-31T21:59:19.000Z","size":8250,"stargazers_count":4174,"open_issues_count":169,"forks_count":294,"subscribers_count":58,"default_branch":"master","last_synced_at":"2026-04-01T01:07:38.959Z","etag":null,"topics":["certificate","cryptography","encryption","jose","jwe","jws","jwt","mfa","oath","oauth","security","security-tools","ssh","sso","tls","totp","x509"],"latest_commit_sha":null,"homepage":"https://smallstep.com/cli","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smallstep.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-07-17T22:41:15.000Z","updated_at":"2026-03-31T21:59:22.000Z","dependencies_parsed_at":"2023-10-05T02:00:41.146Z","dependency_job_id":"d240f463-27ec-48be-901a-2389a0bdd833","html_url":"https://github.com/smallstep/cli","commit_stats":{"total_commits":2567,"total_committers":84,"mean_commits":30.55952380952381,"dds":0.6941955590183093,"last_synced_commit":"dfcab027bfa426d5911bc8f11a4495e4505ccf0d"},"previous_names":[],"tags_count":352,"template":false,"template_full_name":null,"purl":"pkg:github/smallstep/cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fcli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fcli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fcli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fcli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smallstep","download_url":"https://codeload.github.com/smallstep/cli/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smallstep%2Fcli/sbom","scorecard":{"id":832464,"data":{"date":"2025-08-11","repo":{"name":"github.com/smallstep/cli","commit":"b4bdba348ad1c9c12c4c1d5e6ad44550b4d926b5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.5,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/ci.yml:22","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:23","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/ci.yml:24","Info: jobLevel 'contents' permission set to 'read': .github/workflows/code-scan-cron.yml:11","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/code-scan-cron.yml:12","Info: jobLevel 'actions' permission set to 'read': .github/workflows/code-scan-cron.yml:10","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:69","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/release.yml:70","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:82","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:96","Info: jobLevel 'actions' permission set to 'read': .github/workflows/release.yml:12","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:13","Warn: jobLevel 'security-events' permission set to 'write': .github/workflows/release.yml:14","Warn: topLevel 'contents' permission set to 'write': .github/workflows/actionlint.yml:11","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/code-scan-cron.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-auto-merge.yml:5","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/triage.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/actionlint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/actionlint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/ci.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/code-scan-cron.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/code-scan-cron.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-auto-merge.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/dependabot-auto-merge.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/triage.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/smallstep/cli/triage.yml/master?enable=pin","Warn: containerImage not pinned by hash: docker/Dockerfile:1","Warn: containerImage not pinned by hash: docker/Dockerfile:22: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: containerImage not pinned by hash: docker/Dockerfile.debian:1","Warn: containerImage not pinned by hash: docker/Dockerfile.debian:23: pin your Docker image by updating debian:bookworm to debian:bookworm@sha256:731dd1380d6a8d170a695dbeb17fe0eade0e1c29f654cf0a3a07f372191c3f4b","Info:   3 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   3 out of  12 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"4 out of the last 4 releases have a total of 4 signed artifacts.","details":["Info: signed release artifact: checksums.txt.sig: https://github.com/smallstep/cli/releases/tag/v0.28.7","Info: signed release artifact: checksums.txt.sig: https://github.com/smallstep/cli/releases/tag/v0.28.7-rc9","Info: signed release artifact: checksums.txt.sig: https://github.com/smallstep/cli/releases/tag/v0.28.7-rc7","Info: signed release artifact: checksums.txt.sig: https://github.com/smallstep/cli/releases/tag/v0.28.7-rc11","Warn: release artifact v0.28.7 does not have provenance: https://api.github.com/repos/smallstep/cli/releases/232102666","Warn: release artifact v0.28.7-rc9 does not have provenance: https://api.github.com/repos/smallstep/cli/releases/232067235","Warn: release artifact v0.28.7-rc7 does not have provenance: https://api.github.com/repos/smallstep/cli/releases/232065244","Warn: release artifact v0.28.7-rc11 does not have provenance: https://api.github.com/repos/smallstep/cli/releases/232073075"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T18:06:06.621Z","repository_id":37334666,"created_at":"2025-08-23T18:06:06.621Z","updated_at":"2025-08-23T18:06:06.621Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31293290,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","cryptography","encryption","jose","jwe","jws","jwt","mfa","oath","oauth","security","security-tools","ssh","sso","tls","totp","x509"],"created_at":"2024-07-31T11:00:37.146Z","updated_at":"2026-04-02T00:10:56.868Z","avatar_url":"https://github.com/smallstep.png","language":"Go","funding_links":[],"categories":["Misc","Go","\u003ca id=\"862af330f45f21fbb0d495837fc7e879\"\u003e\u003c/a\u003e工具","Tool","security-tools","Security"],"sub_categories":["\u003ca id=\"764122f9a7cf936cd9bce316b09df5aa\"\u003e\u003c/a\u003e认证\u0026\u0026Authenticate","CLI","Misc"],"readme":"# Step CLI\n\n[![GitHub release](https://img.shields.io/github/release/smallstep/cli.svg)](https://github.com/smallstep/cli/releases)\n[![Go Report Card](https://goreportcard.com/badge/github.com/smallstep/cli)](https://goreportcard.com/report/github.com/smallstep/cli)\n[![Build Status](https://github.com/smallstep/cli/actions/workflows/test.yml/badge.svg)](https://github.com/smallstep/cli)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![CLA assistant](https://cla-assistant.io/readme/badge/smallstep/cli)](https://cla-assistant.io/smallstep/cli)\n\n[![GitHub stars](https://img.shields.io/github/stars/smallstep/cli.svg?style=social)](https://github.com/smallstep/cli/stargazers)\n[![Twitter followers](https://img.shields.io/twitter/follow/smallsteplabs.svg?label=Follow\u0026style=social)](https://twitter.com/intent/follow?screen_name=smallsteplabs)\n\n`step` is an easy-to-use CLI tool for building, operating, and automating Public Key Infrastructure (PKI) systems and workflows.\nIt's also a client for the [`step-ca` online Certificate Authority (CA)](https://github.com/smallstep/certificates) server.\nYou can use it for many common crypto and X.509 operations—either independently, or with an online CA.\n\n**Questions? Ask us on [GitHub Discussions](https://github.com/smallstep/certificates/discussions) or [Discord](https://u.step.sm/discord).**\n\n[Website](https://smallstep.com) |\n[Documentation](https://smallstep.com/docs/step-cli) |\n[Installation](https://smallstep.com/docs/step-cli/installation) |\n[Basic Crypto Operations](https://smallstep.com/docs/step-cli/basic-crypto-operations) |\n[Contributor's Guide](./docs/CONTRIBUTING.md)\n\n## Features\n\nStep CLI's command groups illustrate its wide-ranging uses:\n\n- [`step certificate`](https://smallstep.com/docs/step-cli/reference/certificate/): Work with X.509 (TLS/HTTPS) certificates.\n  - Create, revoke, validate, lint, and bundle X.509 certificates.\n  - Install (and remove) X.509 certificates into your system's (and browser's) trust store.\n  - Validate certificate deployment and renewal status for automation\n  - Create key pairs (RSA, ECDSA, EdDSA) and certificate signing requests (CSRs)\n  - [Sign CSRs](https://smallstep.com/docs/step-cli/reference/certificate/sign/)\n  - Create [RFC5280](https://tools.ietf.org/html/rfc5280) and [CA/Browser Forum](https://cabforum.org/baseline-requirements-documents/)-compliant certificates that work for TLS and HTTPS\n  - [Create](https://smallstep.com/docs/step-cli/reference/certificate/create/) CA certificates (root and intermediate signing certificates)\n  - Create self-signed \u0026 CA-signed certificates\n  - [Inspect](https://smallstep.com/docs/step-cli/reference/certificate/inspect/) and [lint](https://smallstep.com/docs/step-cli/reference/certificate/lint/) certificates on disk or in use by a remote server\n  - [Install root certificates](https://smallstep.com/docs/step-cli/reference/certificate/install/) so your CA is trusted by default (issue development certificates **that [work in browsers](https://smallstep.com/blog/step-v0-8-6-valid-HTTPS-certificates-for-dev-pre-prod.html)**)\n\n- [`step ca`](https://smallstep.com/docs/step-cli/reference/ca/): Administer and use a [`step-ca`](https://github.com/smallstep/certificates) server, or any ACMEv2 ([RFC8555](https://tools.ietf.org/html/rfc8555)) compliant CA server. ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS certificates.\n  - Initialize an X.509 and/or SSH CA in one command\n  - [Authenticate and obtain a certificate](https://smallstep.com/docs/step-cli/reference/ca/certificate/) using any enrollment mechanism supported by [`step-ca`](https://github.com/smallstep/certificates)\n  - Securely [distribute root certificates](https://smallstep.com/docs/step-cli/reference/ca/root/) and [bootstrap](https://smallstep.com/docs/step-cli/reference/ca/bootstrap/) PKI relying parties\n  - [Renew](https://smallstep.com/docs/step-cli/reference/ca/renew/) and [revoke](https://smallstep.com/docs/step-cli/reference/ca/revoke/) certificates issued by [`step-ca`](https://github.com/smallstep/certificates)\n  - [Submit CSRs](https://smallstep.com/docs/step-cli/reference/ca/sign/) to be signed by [`step-ca`](https://github.com/smallstep/certificates)\n  - With an ACME CA, `step` supports the `http-01` challenge type\n\n- [`step crypto`](https://smallstep.com/docs/step-cli/reference/crypto/): A general-purpose crypto toolkit\n  - Work with [JWTs](https://jwt.io) ([RFC7519](https://tools.ietf.org/html/rfc7519)) and [other JOSE constructs](https://datatracker.ietf.org/wg/jose/documents/)\n    - [Sign](https://smallstep.com/docs/step-cli/reference/crypto/jwt/sign), [verify](https://smallstep.com/docs/step-cli/reference/crypto/jwt/verify), and [inspect](https://smallstep.com/docs/step-cli/reference/crypto/jwt/inspect) JSON Web Tokens (JWTs)\n    - [Sign](https://smallstep.com/docs/step-cli/reference/crypto/jws/sign), [verify](https://smallstep.com/docs/step-cli/reference/crypto/jws/verify), and [inspect](https://smallstep.com/docs/step-cli/reference/crypto/jws/inspect/) arbitrary data using JSON Web Signature (JWS)\n    - [Encrypt](https://smallstep.com/docs/step-cli/reference/crypto/jwe/encrypt/) and [decrypt](https://smallstep.com/docs/step-cli/reference/crypto/jwe/decrypt/) data and wrap private keys using JSON Web Encryption (JWE)\n    - [Create JWKs](https://smallstep.com/docs/step-cli/reference/crypto/jwk/create/) and [manage key sets](https://smallstep.com/docs/step-cli/reference/crypto/jwk/keyset) for use with JWT, JWE, and JWS\n  - [Generate and verify](https://smallstep.com/docs/step-cli/reference/crypto/otp/) TOTP tokens for multi-factor authentication (MFA)\n  - Work with [NaCl](https://nacl.cr.yp.to/)'s high-speed tools for encryption and\n      signing\n  - [Apply key derivation functions](https://smallstep.com/docs/step-cli/reference/crypto/kdf/) (KDFs) and [verify passwords](https://smallstep.com/docs/step-cli/reference/crypto/kdf/compare/) using `scrypt`, `bcrypt`, and `argon2`\n  - Generate and check [file hashes](https://smallstep.com/docs/step-cli/reference/crypto/hash/)\n\n- [`step oauth`](https://smallstep.com/docs/step-cli/reference/oauth/): Add an OAuth 2.0 single sign-on flow to any CLI application.\n  - Supports OAuth authorization code, out-of-band (OOB), JWT bearer, and refresh token flows\n  - Get OAuth access tokens and OIDC identity tokens at the command line from any provider.\n  - Verify OIDC identity tokens (`step crypto jwt verify`)\n\n- [`step ssh`](https://smallstep.com/docs/step-cli/reference/ssh/): Create and manage SSH certificates (requires an online or offline [`step-ca`](https://github.com/smallstep/certificates) instance)\n  - Generate SSH user and host key pairs and short-lived certificates\n  - Add and remove certificates to the SSH agent\n  - Inspect SSH certificates\n  - Login and use [single sign-on SSH](https://smallstep.com/blog/diy-single-sign-on-for-ssh/)\n\n## Installation\n\nSee our installation docs [here](https://smallstep.com/docs/step-cli/installation).\n\n## Example\n\nHere's a quick example, combining `step oauth` and `step crypto` to get and verify the signature of a Google OAuth OIDC token:\n\n![Animated terminal showing step in practice](https://smallstep.com/images/blog/2018-08-07-unfurl.gif)\n\n## Plugins\n\nA plugin is an executable file named using the format `step-\u003cname\u003e-plugin`.\nPlugins must be available in your `$PATH` or in the `$STEPPATH/plugins`\ndirectory (that's `$HOME/.step/plugins`, by default).\n\nWhen you run `step \u003cname\u003e`, the CLI will automatically execute the corresponding\nplugin, if found.\n\nSome known plugins include:\n\n- [**step-kms-plugin**](https://github.com/smallstep/step-kms-plugin): Manage\nkeys and certificates stored in a KMS, including HSMs, TPMs, YubiKeys, the macOS\nKeychain, and cloud KMSs.\n- [**step-kmsproxy-plugin**](https://github.com/orbit-online/step-kmsproxy-plugin):\nProvides an HSM/KMS-backed authenticating proxy for mTLS services. Thanks to\n[@andsens](https://github.com/andsens) for creating and maintaining this plugin!\n\n`step-kms-plugin` is also integrated directly into `step` to create\ncertificates, generate CSRs, sign tokens, and more using KMS-backed keys.\n\n## Community\n\n* Connect with `step` users on [GitHub Discussions](https://github.com/smallstep/certificates/discussions) or [Discord](https://u.step.sm/discord)\n* [Open an issue](https://github.com/smallstep/cli/issues/new/choose) and tell us what features you'd like to see\n* [Contribute](./docs/CONTRIBUTING.md) to the `step` codebase\n* [Follow Smallstep on Twitter](https://twitter.com/smallsteplabs)\n\n## Further Reading\n\n* [Full documentation for `step`](https://smallstep.com/docs/step-cli)\n* We have more examples of `step` and `step-ca` in action on [the Smallstep blog](https://smallstep.com/blog).\n* If you're new to PKI and X.509 certificates, or you want a refresher on the core concepts, you may enjoy [Everything PKI](https://smallstep.com/blog/everything-pki/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallstep%2Fcli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmallstep%2Fcli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmallstep%2Fcli/lists"}