step-agent Smallstep Labs, LLC

acme certificates device-attestation device-identity pki smallstep tls tpm

Use this command to install step-agent:

winget install --id=Smallstep.step-agent -e

The Smallstep Agent is a cross-platform daemon designed to enroll devices, perform cryptographic attestation using TPMs, cloud, or OS keystores, and manage X.509 and SSH certificate lifecycles for endpoints managed by the Smallstep platform.

Key Features:

Cross-platform support for Linux, macOS, and Windows.
Device attestation via TPMs, cloud, or OS keystores to ensure secure device identity.
Automated management of X.509 and SSH certificates throughout their lifecycle.
Integration with configuration management tools like Ansible and Munki.
PKCS#11 support for applications requiring hardware-based cryptographic operations.

Audience & Benefit: Ideal for DevOps teams, system administrators, and security professionals managing device identity and certificate lifecycle at scale. The Smallstep Agent enhances security by ensuring devices are authenticated and authorized before issuing certificates, simplifies certificate management, and integrates seamlessly with existing infrastructure to streamline endpoint security processes.