awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
smallstep avatar

smallstep/cli

0
View on GitHub↗
4,255 星标·302 分支·Go·Apache-2.0·4 次浏览smallstep.com/cli↗

Cli

该项目是一个用于管理公钥基础设施和数字身份的命令行工具。它提供了一套全面的 X.509 证书生命周期管理套件,包括证书和签名请求的生成、签名、续订和吊销。

该工具通过专门的安全功能脱颖而出,例如将加密凭据绑定到 TPM 和 HSM 以进行硬件支持的身份证明。它还为机器身份安全提供专用支持,使用短寿命 SSH 证书和 mTLS 来保护非人类工作负载。

广泛的功能包括用于管理 JSON Web Tokens 和 Keys 的 JOSE 加密工具包、用于授权流程的 OAuth 和 OIDC 客户端,以及用于自动化 TLS 配置的 ACME 客户端。该工具集还涵盖通用加密实用程序、系统信任存储管理和证书颁发机构管理。

该工具链可以通过基于路径的插件发现进行扩展,以添加新的子命令。

Features

  • Certificate Lifecycle Management - Provides a comprehensive suite for the issuance, rotation, and revocation of digital certificates.
  • X.509 Management Utilities - Provides comprehensive X.509 certificate management including generation, signing, and revocation.
  • Public Key Infrastructure - Provides comprehensive management of public key infrastructure, including certificate authorities and issuance policies.
  • ACME Certificate Provisioners - Obtains TLS certificates from ACME servers using HTTP servers or webroot validation.
  • ACME Clients - Implements the ACME protocol as a command-line tool for automated certificate lifecycle management.
  • Asymmetric Key Generators - Creates public and private keypairs in PEM or JSON formats for encryption and signing.
  • Certificate Authorities - Sets up the initial configuration and public key infrastructure needed to start a certificate authority.
  • Certificate Automation Protocols - Bootstraps and manages servers to issue, renew, and revoke certificates using automated protocols.
  • Certificate Renewal Managers - Automates the periodic renewal of expiring certificates based on defined thresholds.
  • Certificate Revocations - Invalidates certificates by serial number to prevent further use of compromised credentials.
  • Certificate Signing Request Generation - Creates certificates or signing requests using profiles and templates for identity purposes.
  • Certificate Signing - Signs certificate requests using a private key to issue valid identities.
  • Cryptographic Primitives - Provides a suite of identity operations based on industry-standard X.509, JOSE, and OAuth2 specifications.
  • Certificate Authority Management - Manages provisioners and administrators to control access to certificate request capabilities.
  • Hardware Identity Attestations - Binds credentials to hardware and provides cryptographic proofs for device identity attestation.
  • Trust Store Managers - Automates the installation and removal of root certificates within the operating system trust store.
  • Hardware Key Binding - Binds cryptographic credentials to TPMs and HSMs to prevent key exfiltration and ensure hardware-backed identity.
  • Hardware Security Module Integrations - Manages keys and certificates stored in HSMs, TPMs, and cloud-based key management systems.
  • General Certificate Integrity Validations - Inspects certificate contents and verifies digital signatures against root anchors to ensure trust.
  • JSON Web Tokens - Provides comprehensive tools for generating and signing JSON Web Tokens and Keys.
  • Hardware-Backed Key Storage - Binds cryptographic credentials to TPMs and HSMs to prevent key exfiltration and ensure authenticity.
  • Machine Identity - Secures non-human workloads using mTLS, hardware attestation, and short-lived SSH certificates.
  • OAuth and OpenID Connect Libraries - Provides a unified client for implementing OAuth and OpenID Connect authorization flows.
  • OAuth Flow Implementations - Implements full OAuth 2.0 authorization flows including authorization code and refresh token flows.
  • OAuth Token Management - Manages the lifecycle of OAuth tokens and processes API authorization workflows.
  • PKI Management - Bootstraps and manages certificate authorities, trust stores, and issuance policies to maintain a root of trust.
  • Certificate Chain Validation - Implements recursive validation of certificate chains to establish a verifiable path to a trusted root authority.
  • Root Certificate Generators - Creates self-signed root certificates and leaf certificates with associated private keys.
  • JWT Payload Inspection - Decodes JSON Web Signature structures to display payloads without requiring cryptographic verification.
  • Context Switching - Configures and switches between different certificate authority environments to organize deployments.
  • Signed JWT Generation - Generates compact signed JSON Web Tokens (JWS) using secret or private keys.
  • Certificate Issuance Policies - Defines and enforces the rules and administrative controls under which certificates are issued.
  • Cryptographic Hash Generation - Produces and verifies cryptographic hashes for files and directories to ensure integrity.
  • Data Encryption - Signs and encrypts raw data using high-speed cryptographic primitives.
  • JSON Web Encryption - Encrypts data using the JWE standard to create secure, structured data objects.
  • Certificate Inspection Tools - Parses certificates or requests to display attributes in human-readable or structured formats.
  • SSH Certificate Inspection - Analyzes the properties and metadata of SSH certificates to verify access permissions.
  • Revocation List Management - Maintains lists of revoked certificates to prevent compromised keys from being trusted.
  • JOSE Specifications - Implements the full JOSE suite for creating and verifying JSON Web Tokens, Keys, and encrypted payloads.
  • Toolkits - Provides a complete JOSE toolkit for managing JSON Web Tokens, Keys, Signatures, and Encryption.
  • JSON Web Signatures - Implements the JWS standard to create digitally signed payloads for secure data exchange.
  • JWT Decoders - Provides utilities to extract and inspect JWT headers and payloads without signature verification.
  • Signature Verification - Validates the authenticity of JWS tokens by verifying signatures against expected keys and algorithms.
  • JSON Web - Generates and manages cryptographic keys following the JSON Web Key (JWK) standard.
  • MFA Token Generators - Produces time-based one-time password secrets and QR codes for multi-factor authentication.
  • JSON Web Encryption Decryptions - Decodes and decrypts JWE compact strings back into their original plaintext format.
  • One-Time Passwords - Creates and verifies time-based or counter-based one-time passwords.
  • Key Derivation Functions - Implements key derivation functions to securely transform passwords into cryptographic keys.
  • PKI Profile Management - Switches between different authority configurations and client profiles to support multiple toolchains.
  • Non-Human Identity Management - Implements cryptographic identities and mTLS for authenticating AI agents and internal workloads.
  • Certificate Trust Managers - Adds root certificates to system or browser trust stores to establish a trusted chain.
  • Chain Bundling - Combines end-entity certificates with intermediate certificates to enable full path validation.
  • SSH Certificate Management - Generates short-lived SSH user and host certificates and integrates them with the SSH agent.
  • System Trust Stores - Adds or removes certificates from the operating system trust store to manage trusted roots.
  • JWT Signing and Verification - Validates a JWT's signature, expiration, and issuer to ensure token integrity and authenticity.
  • Cryptographic Encoding Conversions - Provides utilities to transform cryptographic data between DER, PEM, and JSON formats for system interoperability.

Star 历史

smallstep/cli 的 Star 历史图表smallstep/cli 的 Star 历史图表

AI 搜索

探索更多 awesome 仓库

用简单的语言描述您的需求 —— AI 将根据相关性为您从数千个精选开源项目中进行排序。

Start searching with AI

Cli 的开源替代方案

相似的开源项目,按与 Cli 的功能重合度排序。
  • smallstep/certificatessmallstep 的头像

    smallstep/certificates

    8,245在 GitHub 上查看↗

    This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider

    Goacmeacme-serverca
    在 GitHub 上查看↗8,245
  • cloudflare/cfsslcloudflare 的头像

    cloudflare/cfssl

    9,443在 GitHub 上查看↗

    This project is a toolkit for creating and managing X.509 certificate authorities, providing tools for the issuance, signing, and management of TLS certificates and private keys. It includes a command-line utility for generating certificate signing requests, bundling certificate chains, and parsing PEM or DER files. The system features an HTTP API server that allows for remote signing and verification of certificates using JSON requests and responses. This architecture supports automated certificate provisioning and includes a signing proxy to forward requests to remote backend services. The

    Go
    在 GitHub 上查看↗9,443
  • cert-manager/cert-managercert-manager 的头像

    cert-manager/cert-manager

    13,578在 GitHub 上查看↗

    This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads. The project distinguishes itself through its extensive support for a

    Gocertificatecrdhacktoberfest
    在 GitHub 上查看↗13,578
  • certd/certdcertd 的头像

    certd/certd

    4,454在 GitHub 上查看↗

    Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It handles certificate application, renewal, and deployment across multiple domains through a pipeline-driven workflow engine, with DNS challenge orchestration and multi-cloud deployment capabilities. The platform distinguishes itself through its configurable pipeline system, which allows users to build multi-step workflows that can pass outputs between tasks, execute custom scripts, and handle errors. It supports multi-tenant access control with role-based permissions, encrypted cre

    JavaScriptacmeautoautomation
    在 GitHub 上查看↗4,454
查看 Cli 的所有 30 个替代方案→

常见问题解答

smallstep/cli 是做什么的?

该项目是一个用于管理公钥基础设施和数字身份的命令行工具。它提供了一套全面的 X.509 证书生命周期管理套件,包括证书和签名请求的生成、签名、续订和吊销。

smallstep/cli 的主要功能有哪些?

smallstep/cli 的主要功能包括:Certificate Lifecycle Management, X.509 Management Utilities, Public Key Infrastructure, ACME Certificate Provisioners, ACME Clients, Asymmetric Key Generators, Certificate Authorities, Certificate Automation Protocols。

smallstep/cli 有哪些开源替代品?

smallstep/cli 的开源替代品包括: smallstep/certificates — This project is a public key infrastructure management system designed to automate the issuance, renewal, and… cloudflare/cfssl — This project is a toolkit for creating and managing X.509 certificate authorities, providing tools for the issuance,… cert-manager/cert-manager — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS… certd/certd — Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It… openvpn/easy-rsa — Easy-RSA is a shell-based utility designed to automate the creation and management of a public key infrastructure. It… digitalbazaar/forge — Forge is a JavaScript cryptography library providing a comprehensive set of tools for symmetric and asymmetric…