Download Latest Version
step-ca_linux_386.tar.gz (15.7 MB)
Get an email when there's a new version of Step Certificates
Official Release Artifacts
Linux
- 📦 step-ca_linux_0.29.0_amd64.tar.gz
- 📦 step-ca_0.29.0-1_amd64.deb
- 📦 step-ca-0.29.0-1.x86_64.rpm
- 📦 step-ca_0.29.0-1_arm64.deb
- 📦 step-ca-0.29.0-1.aarch64.rpm
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.29.0_amd64.tar.gz.pem \
--signature step-ca_darwin_0.29.0_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.29.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- [992ff6] Merge pull request [#2491] from smallstep/mariano/update
- [9d79c5] Merge branch 'master' into mariano/update
- [8e76e2] Disable govulncheck until go 1.25.5 is available in github actions (#2490)
- [1011f5] Improve validation in authorization path
- [48ed3a] Changelog updates for preparing for v0.29.0 (#2488)
- [008e6a] Merge pull request [#2487] from smallstep/dependabot/github_actions/softprops/action-gh-release-2.5.0
- [895e8c] Bump softprops/action-gh-release from 2.4.2 to 2.5.0
- [930e8f] Merge pull request [#2477] from smallstep/dependabot/go_modules/golang.org/x/crypto-0.45.0
- [d75378] Bump golang.org/x/crypto from 0.44.0 to 0.45.0
- [07fa34] Merge pull request [#2481] from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.42.0
- [2d6b35] Bump github.com/newrelic/go-agent/v3 from 3.41.0 to 3.42.0
- [b15aea] Merge pull request [#2482] from smallstep/dependabot/go_modules/google.golang.org/grpc-1.77.0
- [562fb7] Merge pull request [#2483] from smallstep/dependabot/go_modules/github.com/coreos/go-oidc/v3-3.17.0
- [0b1ac1] Bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0
- [bbbe61] Bump google.golang.org/grpc from 1.76.0 to 1.77.0
- [2746cd] Merge pull request [#2474] from smallstep/dependabot/go_modules/golang.org/x/net-0.47.0
- [5e8fa9] Bump golang.org/x/net from 0.46.0 to 0.47.0
- [1bd985] Merge pull request [#2472] from smallstep/dependabot/go_modules/google.golang.org/api-0.256.0
- [d37d1c] Bump google.golang.org/api from 0.255.0 to 0.256.0
- [1cf5fd] Merge pull request [#2471] from smallstep/dependabot/go_modules/golang.org/x/crypto-0.44.0
- [6315e2] Merge pull request [#2473] from smallstep/dependabot/go_modules/github.com/google/go-tpm-0.9.7
- [0f77bf] Bump github.com/google/go-tpm from 0.9.6 to 0.9.7
- [d722ad] Bump golang.org/x/crypto from 0.43.0 to 0.44.0
- [b5e873] Merge pull request [#2463] from provokateurin/feat/sd_notify
- [ae7309] Merge pull request [#2468] from smallstep/herman/upgrade-safecast-v2
- [c39ef9] Update to
v2ofgithub.com/ccoVeille/go-safecast - [5205cc] Merge pull request [#2466] from smallstep/dependabot/go_modules/golang.org/x/sync-0.18.0
- [23fb09] Bump golang.org/x/sync from 0.17.0 to 0.18.0
- [5f6353] Merge pull request [#2464] from smallstep/dependabot/go_modules/google.golang.org/api-0.255.0
- [130d0f] Bump google.golang.org/api from 0.254.0 to 0.255.0
- [1b93a9] Merge pull request [#2465] from smallstep/dependabot/go_modules/go.step.sm/crypto-0.74.0
- [68173e] Merge pull request [#2467] from smallstep/dependabot/github_actions/softprops/action-gh-release-2.4.2
- [35702e] Bump softprops/action-gh-release from 2.4.1 to 2.4.2
- [a05f00] Bump go.step.sm/crypto from 0.73.0 to 0.74.0
- [0c79ee] feat: Add sd_notify support
- [2204af] Merge pull request [#2461] from roeldev/feat-add-docker-init-envs
- [61e37b] Add additional DOCKER_STEPCA_INIT_* envs
- [8f558d] Merge pull request [#2456] from smallstep/dependabot/go_modules/google.golang.org/api-0.254.0
- [ea7a7f] Bump google.golang.org/api from 0.253.0 to 0.254.0
- [9fe89b] Merge pull request [#2457] from smallstep/dependabot/go_modules/github.com/ccoveille/go-safecast-1.8.1
- [6dd096] Use
go-safecastgenericConvertfunction to convert integers - [0f8078] Bump github.com/ccoveille/go-safecast from 1.7.0 to 1.8.1
- [bfbe9d] Merge pull request [#2455] from smallstep/dependabot/go_modules/go.step.sm/crypto-0.73.0
- [69d8dd] Add additional
goseclinter exceptions to ACME linker - [745fb7] Remove deprecated
+buildtags - [18b418] Bump go.step.sm/crypto from 0.72.0 to 0.73.0
- [cc7f14] Merge pull request [#2447] from smallstep/dependabot/go_modules/google.golang.org/api-0.253.0
- [d314d7] Merge pull request [#2446] from smallstep/dependabot/go_modules/github.com/smallstep/linkedca-0.25.0
- [130ab6] Bump google.golang.org/api from 0.252.0 to 0.253.0
- [5bb8ca] Bump github.com/smallstep/linkedca from 0.24.0 to 0.25.0
- [2a4c7b] Merge pull request [#2444] from smallstep/herman/acme-order-backdate
- [17a37a] Fix backdate support for ACME provisioner
- [0f591d] Merge pull request [#2435] from jas4711/chmod-x
- [f5954b] Merge pull request [#2436] from smallstep/dependabot/go_modules/go.step.sm/crypto-0.72.0
- [dffe74] Bump go.step.sm/crypto from 0.70.0 to 0.72.0
- [9364f1] Merge pull request [#2440] from smallstep/dependabot/go_modules/google.golang.org/api-0.252.0
- [5779f3] Bump google.golang.org/api from 0.251.0 to 0.252.0
- [90c126] Merge pull request [#2438] from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.7.0
- [a0ed59] Bump cloud.google.com/go/longrunning from 0.6.7 to 0.7.0
- [30289f] Merge pull request [#2439] from smallstep/dependabot/go_modules/github.com/smallstep/cli-utils-0.12.2
- [6acdea] Merge pull request [#2437] from smallstep/dependabot/go_modules/github.com/ccoveille/go-safecast-1.7.0
- [83b41d] Bump github.com/smallstep/cli-utils from 0.12.1 to 0.12.2
- [bcc8ce] Bump github.com/ccoveille/go-safecast from 1.6.1 to 1.7.0
- [f253cf] Disable execute permission on source files (chmod -x)
- [3207fc] Merge pull request [#2428] from smallstep/dependabot/go_modules/github.com/slackhq/nebula-1.9.7
- [a4aaeb] Bump github.com/slackhq/nebula from 1.9.6 to 1.9.7
- [f251f0] Merge pull request [#2429] from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.22.0
- [c12742] Merge pull request [#2426] from smallstep/dependabot/github_actions/softprops/action-gh-release-2.4.1
- [04851e] Merge pull request [#2427] from smallstep/dependabot/go_modules/golang.org/x/net-0.46.0
- [3e2cd3] Bump golang.org/x/net from 0.44.0 to 0.46.0
- [6886f5] Merge pull request [#2430] from smallstep/dependabot/go_modules/google.golang.org/grpc-1.76.0
- [c604a7] Bump google.golang.org/grpc from 1.75.1 to 1.76.0
- [c15499] Bump github.com/hashicorp/vault/api from 1.21.0 to 1.22.0
- [ff3c08] Bump softprops/action-gh-release from 2.3.4 to 2.4.1
- [8f77cc] Merge pull request [#2421] from smallstep/dependabot/go_modules/github.com/coreos/go-oidc/v3-3.16.0
- [1721ce] Bump github.com/coreos/go-oidc/v3 from 3.15.0 to 3.16.0
- [0b77f2] Merge pull request [#2419] from smallstep/dependabot/go_modules/google.golang.org/api-0.251.0
- [040d74] Merge pull request [#2418] from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/approle-0.11.0
- [b307c5] Bump github.com/hashicorp/vault/api/auth/approle from 0.10.0 to 0.11.0
- [de02d0] Bump google.golang.org/api from 0.250.0 to 0.251.0
- [45ab53] Merge pull request [#2420] from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/aws-0.11.0
- [9adf0c] Merge pull request [#2422] from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.36.10
- [47fcb8] Merge pull request [#2423] from smallstep/dependabot/github_actions/softprops/action-gh-release-2.3.4
- [3a4215] Bump softprops/action-gh-release from 2.3.3 to 2.3.4
- [e41ffe] Bump google.golang.org/protobuf from 1.36.9 to 1.36.10
- [f95a48] Bump github.com/hashicorp/vault/api/auth/aws from 0.10.0 to 0.11.0
- [269206] Merge pull request [#2417] from smallstep/herman/update-smallstep-scep
- [20e09f] Update
smallstep/sceptoa25cabb694927a5c21251a95adb7ee54a22dee1d - [766bf0] Merge pull request [#2414] from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.41.0
- [5b6e22] Bump github.com/newrelic/go-agent/v3 from 3.40.1 to 3.41.0
- [96eec5] Merge pull request [#2413] from smallstep/dependabot/go_modules/google.golang.org/api-0.250.0
- [e55be0] Bump google.golang.org/api from 0.249.0 to 0.250.0
- [d4f765] Merge pull request [#2412] from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.19.2
- [d0e9b9] Bump cloud.google.com/go/security from 1.19.1 to 1.19.2
- [8f1296] Merge pull request [#2408] from smallstep/mariano/gcp-organization-id
- [e8bb1b] Merge pull request [#2404] from smallstep/dependabot/go_modules/google.golang.org/grpc-1.75.1
- [8b093d] Allow remote configuration of GCP organization id
- [a4845d] Bump google.golang.org/grpc from 1.75.0 to 1.75.1
- [cb4403] Merge pull request [#2403] from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.36.9
- [28f4d6] Merge pull request [#2402] from smallstep/dependabot/go_modules/github.com/google/go-tpm-0.9.6
- [b83464] Bump google.golang.org/protobuf from 1.36.8 to 1.36.9
- [f55329] Bump github.com/google/go-tpm from 0.9.5 to 0.9.6
- [976eab] Merge pull request [#2397] from smallstep/herman/goreleaser-v2
- [e865f8] Use GoReleaser
v2inmake bootstrap - [034860] Merge pull request [#2394] from smallstep/dependabot/go_modules/google.golang.org/api-0.249.0
- [b2a115] Bump google.golang.org/api from 0.248.0 to 0.249.0
- [bc0c88] Merge pull request [#2392] from smallstep/dependabot/go_modules/golang.org/x/net-0.44.0
- [edcb80] Bump golang.org/x/net from 0.43.0 to 0.44.0
- [fd4c60] Merge pull request [#2393] from smallstep/dependabot/go_modules/golang.org/x/crypto-0.42.0
- [096fe6] Merge pull request [#2395] from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.21.0
- [27a269] Bump github.com/hashicorp/vault/api from 1.20.0 to 1.21.0
- [3b0c9c] Bump golang.org/x/crypto from 0.41.0 to 0.42.0
- [3f76d4] Merge pull request [#2384] from smallstep/dependabot/go_modules/golang.org/x/sync-0.17.0
- [f1092e] Fix
govetnon-constant error format string issues - [02c399] Bump golang.org/x/sync from 0.16.0 to 0.17.0
- [78bac7] Merge pull request [#2385] from smallstep/dependabot/go_modules/github.com/go-chi/chi/v5-5.2.3
- [1ed176] Merge pull request [#2388] from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.23.2
- [ab13fb] Merge pull request [#2386] from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.19.1
- [11d0d3] Merge pull request [#2387] from smallstep/dependabot/go_modules/github.com/stretchr/testify-1.11.1
- [6e83f9] Merge pull request [#2389] from smallstep/dependabot/github_actions/softprops/action-gh-release-2.3.3
- [0adecd] Bump softprops/action-gh-release from 2.3.2 to 2.3.3
- [ca452a] Bump github.com/prometheus/client_golang from 1.23.0 to 1.23.2
- [43a719] Bump github.com/stretchr/testify from 1.11.0 to 1.11.1
- [221a73] Bump cloud.google.com/go/security from 1.19.0 to 1.19.1
- [34bf2a] Bump github.com/go-chi/chi/v5 from 5.2.2 to 5.2.3
- [1f15f4] Merge pull request [#2382] from smallstep/herman/step-managed-device
- [eb475e] Refactor searching for serial number into function
- [c5d357] Add test case for device attestation with
stepmanaged device ID - [c2e04f] Support managed device ID OID for
stepattestation format - [9c8ef0] Merge pull request [#2376] from smallstep/dependabot/go_modules/google.golang.org/api-0.248.0
- [9280e0] Bump google.golang.org/api from 0.247.0 to 0.248.0
- [623d70] Merge pull request [#2374] from smallstep/dependabot/go_modules/go.uber.org/mock-0.6.0
- [b5f9d9] Merge pull request [#2375] from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.36.8
- [75ae7d] Bump google.golang.org/protobuf from 1.36.7 to 1.36.8
- [593981] Bump go.uber.org/mock from 0.5.2 to 0.6.0
- [633bbc] Merge pull request [#2377] from smallstep/dependabot/go_modules/google.golang.org/grpc-1.75.0
- [358a53] Merge pull request [#2378] from smallstep/dependabot/go_modules/github.com/stretchr/testify-1.11.0
- [0037ee] Bump github.com/stretchr/testify from 1.10.0 to 1.11.0
- [e9efd6] Bump google.golang.org/grpc from 1.74.2 to 1.75.0
- [1dc2d2] Merge pull request [#2370] from smallstep/mariano/yubikey-root-v2
- [d74c40] Upgrade go.step.sm/crypto
- [0b3115] Apply suggestions from code review
- [b7e59c] Add support for YubiKeys 5.7.4+
- [9c485c] Merge pull request [#2359] from smallstep/dependabot/go_modules/go.step.sm/crypto-0.69.0
- [c4a10c] Bump go.step.sm/crypto from 0.68.0 to 0.69.0
- [10fdbf] Merge pull request [#2362] from smallstep/dependabot/go_modules/google.golang.org/api-0.246.0
- [24d6af] Merge pull request [#2361] from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.36.7
- [6e7744] Merge pull request [#2360] from smallstep/dependabot/go_modules/golang.org/x/net-0.43.0
- [4eabd7] Bump golang.org/x/net from 0.42.0 to 0.43.0
- [27532a] Merge pull request [#2363] from smallstep/dependabot/go_modules/golang.org/x/crypto-0.41.0
- [e4be94] Bump golang.org/x/crypto from 0.40.0 to 0.41.0
- [d560e0] Bump google.golang.org/api from 0.244.0 to 0.246.0
- [fb9197] Bump google.golang.org/protobuf from 1.36.6 to 1.36.7
- [59e458] Merge pull request [#2354] from smallstep/herman/fix-oidc-upgrade
- [2bb189] Change OIDC signature algorithm to
RS256to match JWT - [6a9c8a] Bump github.com/coreos/go-oidc/v3 from 3.14.1 to 3.15.0
- [1eda02] Merge pull request [#2351] from smallstep/dependabot/go_modules/go.step.sm/crypto-0.68.0
- [4aaf8b] Bump go.step.sm/crypto from 0.67.0 to 0.68.0
- [4a4bb7] Merge pull request [#2349] from smallstep/dependabot/go_modules/google.golang.org/api-0.244.0
- [dbbcd7] Merge pull request [#2353] from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.23.0
- [825851] Bump github.com/prometheus/client_golang from 1.22.0 to 1.23.0
- [42a6b4] Bump google.golang.org/api from 0.243.0 to 0.244.0
- [1b0815] Merge pull request [#2346] from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.40.1
- [2ae5a8] Bump github.com/newrelic/go-agent/v3 from 3.39.0 to 3.40.1
- [2497a0] Merge pull request [#2345] from smallstep/dependabot/go_modules/github.com/slackhq/nebula-1.9.6
- [b790eb] Bump github.com/slackhq/nebula from 1.9.5 to 1.9.6
- [807b76] Merge pull request [#2347] from smallstep/dependabot/go_modules/google.golang.org/grpc-1.74.2
- [2d8377] Bump google.golang.org/grpc from 1.73.0 to 1.74.2
- [6a1250] Merge pull request [#2340] from smallstep/dependabot/go_modules/google.golang.org/api-0.242.0
- [b291fb] Bump google.golang.org/api from 0.240.0 to 0.242.0
- [0ed581] Merge pull request [#2337] from smallstep/dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.0
- [c90d32] Bump github.com/fxamacker/cbor/v2 from 2.8.0 to 2.9.0
- [080743] Merge pull request [#2336] from smallstep/dependabot/go_modules/golang.org/x/net-0.42.0
- [9bbf73] Bump golang.org/x/net from 0.41.0 to 0.42.0
- [544197] Merge pull request [#2335] from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.19.0
- [317acf] Bump cloud.google.com/go/security from 1.18.5 to 1.19.0
- [2a51f1] Use errgroup to shutdown services concurrently. (#2343)
- [b216b1] Merge pull request [#2334] from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.15.0
- [52801d] Bump github.com/googleapis/gax-go/v2 from 2.14.2 to 2.15.0
- [8537aa] Merge pull request [#2338] from smallstep/mariano/shutdown
- [503f67] Replace sync.WaitGroup with errgroup
- [a5fd0d] Fix process hanging after SIGTERM
Thanks!
Those were the changes on v0.29.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.
