Smallstep Cli Versions Save

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.26.1_amd64.tar.gz
• 📦 step_linux_0.26.1_arm64.tar.gz
• 📦 step_linux_0.26.1_armv7.tar.gz
• 📦 step-cli_0.26.1_amd64.deb
• 📦 step-cli_0.26.1_amd64.rpm
• 📦 step-cli_0.26.1_arm64.deb
• 📦 step-cli_0.26.1_arm64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.26.1_amd64.tar.gz
• 📦 step_darwin_0.26.1_arm64.tar.gz

Windows

• 📦 step_windows_0.26.1_amd64.zip
• 📦 step_windows_0.26.1_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.26.1_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.26.1_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.26.1_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 576d8adb Fix certificate inspect (#1153)
• 6236b6ef Merge pull request #1159 from smallstep/dependabot/go_modules/github.com/Microsoft/go-winio-0.6.2
• 7cba07fb Merge branch 'master' into dependabot/go_modules/github.com/Microsoft/go-winio-0.6.2
• 1e37e722 Merge pull request #1160 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.6
• 0a178ea4 Bump go.step.sm/crypto from 0.44.3 to 0.44.6
• ddcae602 Bump github.com/Microsoft/go-winio from 0.6.1 to 0.6.2
• 31e62a07 Bump go version to 1.21 in go.mod (#1155)
• 60484c93 Merge pull request #1152 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.3
• 555602c5 Bump go.step.sm/crypto from 0.44.2 to 0.44.3
• dc731e08 Merge pull request #1148 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.22.0
• cb86d05e Bump golang.org/x/crypto from 0.21.0 to 0.22.0
• b3c4df58 Merge pull request #1143 from smallstep/carl/winget-fix
• 8b88dc4a Fix winget release URL
• b8388911 Add version number to winget branch name (#1142)
• 6e0fba57 Merge pull request #1141 from smallstep/herman/improve-plugin-not-found-error
• 2ee14c5a Improve error message when a known plugin is not found

Thanks!

Those were the changes on v0.26.1!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.26.0_amd64.tar.gz
• 📦 step_linux_0.26.0_arm64.tar.gz
• 📦 step_linux_0.26.0_armv7.tar.gz
• 📦 step-cli_0.26.0_amd64.deb
• 📦 step-cli_0.26.0_amd64.rpm
• 📦 step-cli_0.26.0_arm64.deb
• 📦 step-cli_0.26.0_arm64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.26.0_amd64.tar.gz
• 📦 step_darwin_0.26.0_arm64.tar.gz

Windows

• 📦 step_windows_0.26.0_amd64.zip
• 📦 step_windows_0.26.0_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.26.0_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.26.0_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.26.0_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 05f95e5b Upgrade certificate 0.26.0 | fix linter warnings (#1140)
• ea6ffb3b Update go.step.sm/crypto (#1139)
• e5f1be60 Merge pull request #1138 from smallstep/herman/update-changelog-20240327
• 6668ab2b Update changelog for v0.26.0
• 65f97a8c Merge pull request #1136 from smallstep/herman/fix-oauth-cors
• 589416d4 Merge pull request #1135 from jindraj/jindraj/missing-dash-in-help
• ef4a7365 add missing dash for --offline in help

Thanks!

Those were the changes on v0.26.0!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.25.3-rc3_amd64.tar.gz
• 📦 step_linux_0.25.3-rc3_arm64.tar.gz
• 📦 step_linux_0.25.3-rc3_armv7.tar.gz
• 📦 step-cli_0.25.3-rc3_amd64.deb
• 📦 step-cli_0.25.3-rc3_amd64.rpm
• 📦 step-cli_0.25.3-rc3_arm64.deb
• 📦 step-cli_0.25.3-rc3_arm64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.25.3-rc3_amd64.tar.gz
• 📦 step_darwin_0.25.3-rc3_arm64.tar.gz

Windows

• 📦 step_windows_0.25.3-rc3_amd64.zip
• 📦 step_windows_0.25.3-rc3_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.25.3-rc3_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.25.3-rc3_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.25.3-rc3_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 9d1b9a03 Return HTTP OK on CORS Options request
• 9f9412ca Merge pull request #1132 from smallstep/dependabot/github_actions/dependabot/fetch-metadata-2.0.0
• 0b6aedd1 Merge pull request #1133 from smallstep/dependabot/go_modules/github.com/smallstep/certificates-0.26.0-rc2
• 40867fdd Bump github.com/smallstep/certificates from 0.25.3-rc7 to 0.26.0-rc2
• 9c5bfbe8 Merge pull request #1134 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.1
• 3c217fc9 Bump go.step.sm/crypto from 0.43.1 to 0.44.1
• 0db90194 Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0
• 5cba7ab2 Merge pull request #1130 from smallstep/herman/cosign-2.x
• 07cdbd6d Use --yes to acknowledge user prompts for Cosign signing
• d90586e5 Upgrade certinfo
• 7a6c3cf3 Merge pull request #1128 from smallstep/max/assets
• d49acd00 Update .goreleaser.yml
• 3ead9e0a Update .goreleaser.yml
• 06223650 Update .goreleaser.yml
• dbaee8b9 Update .goreleaser.yml
• 0ead710d Bump jackc dependency in gomod
• e69cb2f2 Add a few more popular assets to the releases header.
• 384d4abe Merge pull request #1125 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.3
• 631f1a7e Bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3
• 0bae350c Merge pull request #1124 from smallstep/herman/fix-load-vintage-error
• 49148fcb Merge pull request #1123 from smallstep/fix-peak-typo
• 3841ae50 Fix ignored error from loading vintage context configuration
• 3fa35cc6 Fix peak -> peek
• 94ebbb38 go mod tidy (#1122)
• 0b07dde9 Merge pull request #1121 from smallstep/dependabot/go_modules/github.com/smallstep/certificates-0.25.3-rc7
• 1c0daea0 Upgrade google.golang.org/protobuf to v1.33.0
• eb5fbfb1 Use localhost in the step ca health CA url
• efe7e380 Bump github.com/smallstep/certificates
• eeb3d877 Merge pull request #1120 from smallstep/herman/upgrade-dependencies-20240304
• c25f5c38 Add very basic step ca health integration test
• 6c8661fa Fix usage of deprecated Sign() method
• d6626c8b Upgrade dependencies and fix linting issues
• 491effda Merge pull request #1114 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.2
• 5a0c428a Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2
• 57505a09 Merge pull request #1103 from smallstep/dependabot/go_modules/github.com/smallstep/certificates-0.25.3-rc5
• 12cdd9bc Merge pull request #1112 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.1
• 3dc8b468 Bump github.com/smallstep/certificates
• bbfc8fed Merge pull request #1111 from smallstep/dependabot/go_modules/github.com/fxamacker/cbor/v2-2.6.0
• 9668c3dd Bump go.step.sm/crypto from 0.43.0 to 0.43.1
• e95bbbce Bump github.com/fxamacker/cbor/v2 from 2.5.0 to 2.6.0
• c592ed47 Teach step ca init about --key-password-file
• 3d2769ac Merge pull request #1107 from smallstep/dependabot/github_actions/webfactory/ssh-agent-0.9.0
• c7b90c65 Bump webfactory/ssh-agent from 0.8.0 to 0.9.0
• 7e6a58dc Merge pull request #1109 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.19.0
• 93022d1e Bump golang.org/x/crypto from 0.18.0 to 0.19.0
• badf0249 Merge pull request #1104 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.0
• 01e544d9 Bump go.step.sm/crypto from 0.42.1 to 0.43.0
• 869c3599 Merge pull request #1101 from smallstep/dependabot/go_modules/github.com/google/uuid-1.6.0
• d0299457 Merge pull request #1102 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.1
• df54f224 Bump go.step.sm/crypto from 0.42.0 to 0.42.1
• 0af87551 Bump github.com/google/uuid from 1.5.0 to 1.6.0
• 1fa24c98 Merge pull request #1100 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.0
• c000bfc0 Bump go.step.sm/crypto from 0.41.0 to 0.42.0

Thanks!

Those were the changes on v0.25.3-rc3!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Official Release Artifacts

Linux

• 📦 step_linux_0.25.2_amd64.tar.gz
• 📦 step-cli_0.25.2_amd64.deb
• 📦 step-cli_0.25.2_amd64.rpm

macOS Darwin

• 📦 step_darwin_0.25.2_amd64.tar.gz
• 📦 step_darwin_0.25.2_arm64.tar.gz

Windows

• 📦 step_windows_0.25.2_amd64.zip

For more builds across platforms and architectures see the Assets section below. And for packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.25.2_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.25.2_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.25.2_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 4f55cda9 Merge pull request #1099 from smallstep/changelog-0.25.2
• 971e9545 Upgrade changelog
• 06fa8a80 Merge pull request #1097 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.41.0
• ad073038 Bump go.step.sm/crypto from 0.40.0 to 0.41.0
• 9cf18ee8 Merge pull request #1098 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.18.0
• 4ce778aa Merge pull request #1096 from smallstep/dependabot/go_modules/github.com/slackhq/nebula-1.8.2
• 33d93545 Bump golang.org/x/crypto from 0.17.0 to 0.18.0
• ff8094b1 Bump github.com/slackhq/nebula from 1.8.1 to 1.8.2
• c0af50f9 Merge pull request #1095 from smallstep/dependabot/go_modules/golang.org/x/term-0.16.0
• f78d3f5a Bump golang.org/x/term from 0.15.0 to 0.16.0
• 71ae5c67 Merge pull request #1094 from smallstep/dependabot/go_modules/golang.org/x/sys-0.16.0
• a6ed0cf9 Bump golang.org/x/sys from 0.15.0 to 0.16.0
• c8a74b51 Merge pull request #1093 from smallstep/mariano/certinfo
• d17b6362 Bump certinfo to v1.12.1
• cc551139 Merge pull request #1090 from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.32.0
• 7eef805c Merge pull request #1091 from smallstep/dependabot/go_modules/github.com/slackhq/nebula-1.8.1
• 37c588b5 Bump github.com/slackhq/nebula from 1.8.0 to 1.8.1
• 28e4a826 Bump google.golang.org/protobuf from 1.31.0 to 1.32.0
• 2961f405 Merge pull request #1085 from smallstep/herman/fix-nebula-verify-with-curve
• 2818a2a0 Merge branch 'master' into herman/fix-nebula-verify-with-curve
• 4c8600c4 Merge pull request #1089 from smallstep/herman/use-uuid-validate
• ac097ff2 Use uuid.Validate for cases where the UUID isn't used
• d4dc84e3 Merge pull request #1088 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.17.0
• aca9412f Bump golang.org/x/crypto from 0.16.0 to 0.17.0
• d55769a1 Bump github.com/google/uuid from 1.4.0 to 1.5.0
• def9b017 Merge branch 'master' into herman/fix-nebula-verify-with-curve
• 29e9f7fe Merge pull request #1086 from smallstep/go-jose
• 636acdde Upgrade go.step.sm/crypto to use go-jose/v3
• 6be19220 Fix panic trying to create a key with a public key
• 2cc7174a Add more test cases for Nebula token
• 84519a7b Fix linting issue
• b84beef2 Add key type to error message
• 7c490d17 Fix Nebula VerifyPrivateKey by selecting curve to use based on key
• cc063b14 Merge pull request #1084 from smallstep/dependabot/github_actions/actions/setup-go-5
• 5478e0fe Merge pull request #1083 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.39.0
• 73f2970e Bump actions/setup-go from 4 to 5
• 39bbc661 Bump go.step.sm/crypto from 0.38.0 to 0.39.0
• 926e9bae Bump github.com/slackhq/nebula from 1.6.1 to 1.8.0
• 38a27804 Merge pull request #1080 from smallstep/carl/debian-bookworm
• e855e874 Update debian docker build to bookworm
• 947641c4 Merge pull request #1079 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.16.0
• 620a7a6a Merge pull request #1078 from smallstep/dependabot/go_modules/github.com/smallstep/certificates-0.25.2
• 2f14ccb4 Bump golang.org/x/crypto from 0.15.0 to 0.16.0
• 108d916d Bump github.com/smallstep/certificates from 0.25.1 to 0.25.2

Thanks!

Those were the changes on v0.25.2!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Official Release Artifacts

Linux

• 📦 step_linux_0.25.1_amd64.tar.gz
• 📦 step-cli_0.25.1_amd64.deb
• 📦 step-cli_0.25.1_amd64.rpm

macOS Darwin

• 📦 step_darwin_0.25.1_amd64.tar.gz
• 📦 step_darwin_0.25.1_arm64.tar.gz

Windows

• 📦 step_windows_0.25.1_amd64.zip

For more builds across platforms and architectures see the Assets section below. And for packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.25.1_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.25.1_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.25.1_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 7f2d5f4c Merge pull request #1071 from smallstep/update-changelog-20231127
• e9902f82 Merge branch 'master' into update-changelog-20231127
• a78932c9 Merge pull request #1072 from smallstep/sort-ca-kms
• 3f2963d6 Merge branch 'master' into sort-ca-kms
• ad52904f Merge pull request #1074 from smallstep/bump-gopkcs12
• 9bf3d4e7 Merge branch 'master' into bump-gopkcs12
• 949215e9 golang dep updates (#1073)
• 0b51ad0f Upgrade go-pkcs12 and use modern encoders
• 0f2ff584 Sort step certificate create flags
• 29ffa8d1 Set v0.25.1 release date
• e3bce7aa Run gofmt on decrypt.go
• 7683b872 Merge pull request #1067 from smallstep/update-changelog-20231127
• 88653239 Merge pull request #1060 from ncaq/add-password-file-for-step-crypto-jwe-decrypt
• 5d338406 Merge pull request #1068 from smallstep/dependabot/go_modules/golang.org/x/term-0.15.0
• a8517220 Bump golang.org/x/term from 0.14.0 to 0.15.0
• 552aa3fa Changes for v0.25.1 release
• 3f81750f Merge pull request #1066 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.37.0
• 3e616f86 Bump go.step.sm/crypto from 0.36.1 to 0.37.0
• e1e15f51 Merge pull request #1063 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.15.0
• d63f7c7b Bump golang.org/x/crypto from 0.14.0 to 0.15.0
• c4cc60e3 Merge pull request #1064 from smallstep/dependabot/go_modules/golang.org/x/term-0.14.0
• b71a30af Bump golang.org/x/term from 0.13.0 to 0.14.0
• 5f700b54 Merge pull request #1062 from smallstep/dependabot/go_modules/golang.org/x/sys-0.14.0
• d2c78310 Bump golang.org/x/sys from 0.13.0 to 0.14.0
• ba4214f7 Merge pull request #1054 from smallstep/mariano/rand
• 822c29b3 feat: add: --password-file option for step crypto jwe decrypt
• 75d7a7b3 Merge pull request #1057 from smallstep/dependabot/go_modules/github.com/google/uuid-1.4.0
• afba645f Bump github.com/google/uuid from 1.3.1 to 1.4.0
• bf32ddf9 Merge pull request #1055 from terabyte128/master
• 12263b88 Clarify docs for die
• 53eb468b Fix examples
• bb072b1b Move step rand to step crypto rand and prime format
• a0135a03 Update command/rand/rand.go
• 82999ac6 Update command/rand/rand.go
• c5608d1b Fix command completion for zsh
• 3ce93821 Add step rand command
• e397d844 Merge pull request #1045 from smallstep/herman/ignore-bom
• 92f807f1 Make the utfbom package internal
• eda17fc8 Merge branch 'master' into herman/ignore-bom
• 8d489d15 Merge pull request #1053 from smallstep/mariano/truststore
• 3b0f22a7 Upgrades truststore
• 2e6ff3e6 Merge pull request #1044 from smallstep/mariano/tpm-device
• 3df0ad1d Merge pull request #1052 from smallstep/herman/fix-leaf-certificate-public-key-type
• 9dc90a47 Fix leaf certificate *rsa.PublicKey example
• 7fb818c0 Merge branch 'master' into herman/ignore-bom
• e6e358dc Merge pull request #1047 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.36.1
• 172d3fe3 Merge pull request #1048 from smallstep/dependabot/github_actions/dependabot/fetch-metadata-1.6.0
• c275804b Merge branch 'master' into dependabot/github_actions/dependabot/fetch-metadata-1.6.0
• c3dee7e7 Merge branch 'master' into dependabot/go_modules/go.step.sm/crypto-0.36.1
• 141af6e3 Bump ad-m/github-push-action from 0.6.0 to 0.8.0 (#1049)
• 72ea7705 Merge pull request #1050 from smallstep/dependabot/github_actions/webfactory/ssh-agent-0.8.0
• c1182514 Merge branch 'master' into dependabot/github_actions/webfactory/ssh-agent-0.8.0
• cc509010 Merge branch 'master' into dependabot/go_modules/go.step.sm/crypto-0.36.1
• 43e8d205 Merge branch 'master' into dependabot/github_actions/dependabot/fetch-metadata-1.6.0
• 50f295cf [action] fix actionlint warnings (#1046)
• 1031717a Bump webfactory/ssh-agent from 0.7.0 to 0.8.0
• 5966905b Bump dependabot/fetch-metadata from 1.1.1 to 1.6.0
• 20e1aa1f Bump go.step.sm/crypto from 0.36.0 to 0.36.1
• deda87eb Fix linting issues
• f97a0f2b Make the file reader utility aware of BOMs
• 7d70cea7 Allow the define a custom tpm device
• 01d41bbe Merge pull request #1040 from smallstep/carl/fix-release-action-i-broke
• 7eb652da Fixes a yaml error in release.yml that I introduced
• cecdb623 Merge pull request #1039 from smallstep/carl/fixes-1032
• ac234c65 Merge pull request #1034 from smallstep/carl/unversioned
• d6db0604 Fixes #1032
• dcef695f [action] check for updates to dependabot actions (#1038)
• 83f2696e Merge pull request #1037 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.36.0
• 96d08b94 Merge pull request #1036 from smallstep/dependabot/go_modules/github.com/google/go-cmp-0.6.0
• abb9aad6 Bump go.step.sm/crypto from 0.35.1 to 0.36.0
• dc41fb9c Bump github.com/google/go-cmp from 0.5.9 to 0.6.0
• 1c46be6e Wrap unversioned step into an unversioned dir
• 8a17e786 Wrap unversioned step into an unversioned dir
• 27a1e292 Merge pull request #1033 from smallstep/dependabot/go_modules/golang.org/x/net-0.17.0
• 699a8642 Bump golang.org/x/net from 0.15.0 to 0.17.0
• 463a1376 Merge pull request #1031 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.14.0
• 09fecd33 Bump golang.org/x/crypto from 0.13.0 to 0.14.0
• 6cbf2f49 Remove gitleaksignore file (#1027)
• abf6c291 Merge pull request #1025 from smallstep/carl/fixes-1023
• 4b8020ad Merge branch 'master' into carl/fixes-1023
• 01a5d127 Fix cosign identity regexp
• cfca45ac Merge pull request #1024 from smallstep/carl/reference-fix
• 85eb21a8 Path fix for step cli command refernce build step
• 57f839fe Merge pull request #984 from smallstep/carl/winget
• 46530947 Explicitly specify the scoop buget repository branch name.
• 02e92861 Merge branch 'master' into carl/winget
• 6a2da408 Merge pull request #1021 from smallstep/max/scoop
• cfe9ddb9 Merge pull request #1022 from Juneezee/jwt/redundant-len-check
• 312adcb0 crypto/jwt: remove redundant len check in verify
• a710bb71 [action] Change scoop name to step
• 6813a538 Merge branch 'master' into carl/winget
• be0e53fc Only make PRs on releases, not release candidates
• 5ae03379 Use MS repo as base
• 6b5b7e4f Remove broken config
• 35a699b1 Add base branch for PR
• 895c18aa Add base branch for PR
• 8b0d08dc Fix goreleaser deprecation warnings
• 6fdddea0 erge branch 'master' into carl/winget
• 6f66fa3c Use a 'step' branch for Winget PRs
• 4c1de114 Test winget
• 626414c5 Add Winget automation to GoReleaser
• 5c2c5ef0 Add Winget automation to GoReleaser

Thanks!

Those were the changes on v0.25.1!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Official Release Artifacts

Linux

• 📦 step_linux_0.25.0_amd64.tar.gz
• 📦 step-cli_0.25.0_amd64.deb
• 📦 step-cli_0.25.0_amd64.rpm

macOS Darwin

• 📦 step_darwin_0.25.0_amd64.tar.gz
• 📦 step_darwin_0.25.0_arm64.tar.gz

Windows

• 📦 step_windows_0.25.0_amd64.zip

For more builds across platforms and architectures see the Assets section below. And for packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.25.0_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.25.0_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/cli/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.25.0_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• effe01c Update changelog for release (#1020)

Thanks!

Those were the changes on v0.25.0!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Official Release Artifacts

Linux

• 📦 step_linux_0.24.5-rc.11_amd64.tar.gz
• 📦 step-cli_0.24.5-rc.11_amd64.deb
• 📦 step-cli_0.24.5-rc.11_amd64.rpm

macOS Darwin

• 📦 step_darwin_0.24.5-rc.11_amd64.tar.gz
• 📦 step_darwin_0.24.5-rc.11_arm64.tar.gz

Windows

• 📦 step_windows_0.24.5-rc.11_amd64.zip

For more builds across platforms and architectures see the Assets section below. And for packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.24.5-rc.11_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.24.5-rc.11_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/cli/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.24.5-rc.11_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 6b5b7e4 Remove broken config

Thanks!

Those were the changes on v0.24.5-rc.11!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Official Release Artifacts

Linux

• 📦 step_linux_0.24.5-rc.9_amd64.tar.gz
• 📦 step-cli_0.24.5-rc.9_amd64.deb
• 📦 step-cli_0.24.5-rc.9_amd64.rpm

macOS Darwin

• 📦 step_darwin_0.24.5-rc.9_amd64.tar.gz
• 📦 step_darwin_0.24.5-rc.9_arm64.tar.gz

Windows

• 📦 step_windows_0.24.5-rc.9_amd64.zip

For more builds across platforms and architectures see the Assets section below. And for packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.24.5-rc.9_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.24.5-rc.9_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/cli/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.24.5-rc.9_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 6fdddea erge branch 'master' into carl/winget

Thanks!

Those were the changes on v0.24.5-rc.9!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Official Release Artifacts

Linux

• 📦 step_linux_0.24.5-rc.8_amd64.tar.gz
• 📦 step-cli_0.24.5-rc.8_amd64.deb
• 📦 step-cli_0.24.5-rc.8_amd64.rpm

macOS Darwin

• 📦 step_darwin_0.24.5-rc.8_amd64.tar.gz
• 📦 step_darwin_0.24.5-rc.8_arm64.tar.gz

Windows

• 📦 step_windows_0.24.5-rc.8_amd64.zip

For more builds across platforms and architectures see the Assets section below. And for packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.24.5-rc.8_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.24.5-rc.8_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/cli/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.24.5-rc.8_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 4c1de11 Test winget

Thanks!

Those were the changes on v0.24.5-rc.8!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.