Step CLI v0.29.0 (25-12-03)

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.29.0_amd64.tar.gz
• 📦 step_linux_0.29.0_arm64.tar.gz
• 📦 step_linux_0.29.0_armv7.tar.gz
• 📦 step-cli_0.29.0-1_amd64.deb
• 📦 step-cli-0.29.0-1.x86_64.rpm
• 📦 step-cli_0.29.0-1_arm64.deb
• 📦 step-cli-0.29.0-1.aarch64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.29.0_amd64.tar.gz
• 📦 step_darwin_0.29.0_arm64.tar.gz

Windows

• 📦 step_windows_0.29.0_amd64.zip
• 📦 step_windows_0.29.0_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.29.0_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.29.0_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.29.0_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 1d19389 Bump certificates to 0.29.0 and update CHANGELOG w/ release date (#1529)

Thanks!

Those were the changes on v0.29.0!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Step CLI v0.29.0-rc1 (25-12-02)

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.29.0-rc1_amd64.tar.gz
• 📦 step_linux_0.29.0-rc1_arm64.tar.gz
• 📦 step_linux_0.29.0-rc1_armv7.tar.gz
• 📦 step-cli_0.29.0.rc1-1_amd64.deb
• 📦 step-cli-0.29.0.rc1-1.x86_64.rpm
• 📦 step-cli_0.29.0.rc1-1_arm64.deb
• 📦 step-cli-0.29.0.rc1-1.aarch64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.29.0-rc1_amd64.tar.gz
• 📦 step_darwin_0.29.0-rc1_arm64.tar.gz

Windows

• 📦 step_windows_0.29.0-rc1_amd64.zip
• 📦 step_windows_0.29.0-rc1_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.29.0-rc1_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.29.0-rc1_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.29.0-rc1_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 42d80a0 Update changelog for v0.29.0 (#1528)
• c773a16 Merge pull request #1527 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.5.0
• 10cda7c Bump softprops/action-gh-release from 2.4.2 to 2.5.0
• 2c7149f Merge pull request #1523 from smallstep/dependabot/go_modules/github.com/google/go-tpm-0.9.7
• c5d31cf Bump github.com/google/go-tpm from 0.9.6 to 0.9.7
• aca6309 Merge pull request #1519 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.45.0
• 229c1bd Bump golang.org/x/crypto from 0.43.0 to 0.45.0
• 8fc072d Merge pull request #1524 from smallstep/dependabot/github_actions/actions/checkout-6.0.0
• 4785205 Merge pull request #1525 from smallstep/dependabot/github_actions/actions/setup-go-6.1.0
• e3f0487 Bump actions/setup-go from 6.0.0 to 6.1.0
• 1a91c7c Bump actions/checkout from 5.0.1 to 6.0.0
• 5bcdad3 Merge pull request #1518 from smallstep/dependabot/github_actions/actions/checkout-5.0.1
• c77f974 Bump actions/checkout from 5.0.0 to 5.0.1
• 142c0b1 Merge pull request #1516 from smallstep/mariano/fix-1492
• 9686d6f Make --attestation-uri incompatible with --kms
• cde640b Merge pull request #1512 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.74.0
• c15b854 Bump go.step.sm/crypto from 0.73.0 to 0.74.0
• 20a5ada Merge pull request #1513 from smallstep/dependabot/go_modules/golang.org/x/sys-0.38.0
• 07adb2a Merge pull request #1514 from smallstep/dependabot/go_modules/github.com/ccoveille/go-safecast-1.8.2
• 32f8ca1 Upgrade to v2 of github.com/ccoVeille/go-safecast
• e1ab9d4 Bump github.com/ccoveille/go-safecast from 1.8.1 to 1.8.2
• a3321a0 Merge pull request #1515 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.4.2
• de1f1d6 Bump softprops/action-gh-release from 2.4.1 to 2.4.2
• de72540 Bump golang.org/x/sys from 0.37.0 to 0.38.0
• 60a338d Merge pull request #1511 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.73.0
• dc1dc3d Bump go.step.sm/crypto from 0.72.0 to 0.73.0
• ce1fb68 Merge pull request #1510 from smallstep/dependabot/go_modules/github.com/ccoveille/go-safecast-1.8.1
• bccc1bc Use go-safecast generic Convert function to convert integers
• 03159db Remove deprecated +build tags
• 46ab13d Bump github.com/ccoveille/go-safecast from 1.7.0 to 1.8.1
• 9b02d1e Merge pull request #1508 from smallstep/dependabot/go_modules/github.com/smallstep/linkedca-0.25.0
• df4cb83 Bump github.com/smallstep/linkedca from 0.24.0 to 0.25.0
• 092256d Merge pull request #1433 from itoffshore/jq
• ac0f5c8 Merge pull request #1506 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.72.0
• a8d42a7 Bump go.step.sm/crypto from 0.70.0 to 0.72.0
• d2b42de Merge pull request #1504 from smallstep/dependabot/go_modules/github.com/ccoveille/go-safecast-1.7.0
• c677881 Merge pull request #1505 from smallstep/dependabot/go_modules/github.com/smallstep/cli-utils-0.12.2
• c0575b2 Bump github.com/smallstep/cli-utils from 0.12.1 to 0.12.2
• 800b3c0 Bump github.com/ccoveille/go-safecast from 1.6.1 to 1.7.0
• 2715db0 Merge pull request #1500 from smallstep/dependabot/go_modules/github.com/slackhq/nebula-1.9.7
• 656ab02 Merge pull request #1501 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.4.1
• 9575fae Merge pull request #1502 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.43.0
• ca8f21c Bump golang.org/x/crypto from 0.42.0 to 0.43.0
• 4e5982c Bump softprops/action-gh-release from 2.3.4 to 2.4.1
• 5aae3da Bump github.com/slackhq/nebula from 1.9.6 to 1.9.7
• d555219 Merge pull request #1495 from smallstep/mariano/client-authentication
• c8fd9a7 Do not require client authentication if not enabled
• 48e8a11 Merge pull request #1493 from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.36.10
• 869f9fb Merge pull request #1494 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.3.4
• 19ad7fd Bump softprops/action-gh-release from 2.3.3 to 2.3.4
• 23fe796 Bump google.golang.org/protobuf from 1.36.9 to 1.36.10
• 6386950 Merge pull request #1490 from smallstep/mariano/gcp-organization-id
• 5c85efa Add remote configuration of the GCP organization id
• 57a60ca Merge pull request #1489 from smallstep/dependabot/go_modules/github.com/google/go-tpm-0.9.6
• b5a19eb Bump github.com/google/go-tpm from 0.9.5 to 0.9.6
• 0049c9f Merge pull request #1486 from smallstep/dependabot/github_actions/ad-m/github-push-action-1.0.0
• 9c40432 Merge pull request #1487 from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.36.9
• c5a51f3 Bump google.golang.org/protobuf from 1.36.8 to 1.36.9
• b345c89 Bump ad-m/github-push-action from 0.8.0 to 1.0.0
• f9fbe9b Merge pull request #1483 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.42.0
• 7e79592 Remove testscript conditionals for Go versions < 1.24
• c186eb7 Update expected error message for insecure RSA key generation
• ce15665 Make a bad RSA key by overriding the modulus
• c104030 Bump golang.org/x/crypto from 0.41.0 to 0.42.0
• 5303cb0 Merge pull request #1481 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.3.3
• 3d0f34b Merge pull request #1482 from smallstep/dependabot/github_actions/actions/setup-go-6.0.0
• e40ebf4...

Step CLI v0.28.7 (25-07-14)

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.28.7_amd64.tar.gz
• 📦 step_linux_0.28.7_arm64.tar.gz
• 📦 step_linux_0.28.7_armv7.tar.gz
• 📦 step-cli_0.28.7-1_amd64.deb
• 📦 step-cli-0.28.7-1.x86_64.rpm
• 📦 step-cli_0.28.7-1_arm64.deb
• 📦 step-cli-0.28.7-1.aarch64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.28.7_amd64.tar.gz
• 📦 step_darwin_0.28.7_arm64.tar.gz

Windows

• 📦 step_windows_0.28.7_amd64.zip
• 📦 step_windows_0.28.7_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.28.7_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.28.7_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.28.7_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 6bc838d Bump to [email protected] (#1454)
• 939805a Fix broken test (#1452)
• 3e9adc2 Changelog updates (#1448)
• 60a4eef Fix linter warnings (#1450)
• cb9a523 Merge pull request #1451 from smallstep/carl/readme
• 7725db9 Small tweaks to README
• 632b477 Merge pull request #1447 from smallstep/mariano/plugin
• 12ad189 Fix step-kms-plugin name
• de23b94 Apply suggestions from code review
• e18fcdc Add a plugins section to the README
• b578783 Merge pull request #1446 from smallstep/herman/fix-testscript-runmain-deprecation
• 6a18dda Fix deprecation of testscript.RunMain
• fdc34f4 Merge pull request #1445 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.67.0
• d9ae211 Bump go.step.sm/crypto from 0.66.0 to 0.67.0
• f7dac16 Bump github.com/rogpeppe/go-internal from 1.13.1 to 1.14.1
• ec725b7 Merge pull request #1442 from smallstep/dependabot/go_modules/github.com/go-chi/chi/v5-5.2.2
• b99c3df Bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2
• c791bbf Merge pull request #1426 from smallstep/herman/testscript
• 279e638 Allow changing the app name at compile time through AppName
• 1932842 Add check_certificate and check_jwk_without_password
• 9cce28a Merge pull request #1440 from smallstep/dependabot/go_modules/github.com/urfave/cli-1.22.17
• c030605 Bump github.com/urfave/cli from 1.22.16 to 1.22.17
• 5e20728 Merge pull request #1439 from smallstep/dependabot/github_actions/softprops/action-gh-release-2.3.2
• 7fb48a6 Bump softprops/action-gh-release from 2.2.2 to 2.3.2
• 2944159 Refactor step crypto jwk create commands into using testscript
• 1a494ce Refactor step crypto jwt sign and step crypto jwt verify tests
• 298ff27 Refactor step crypto otp tests into using testscript
• f641332 Use --password-file to provide password to step crypto keypair
• 1fc663b Refactor step crypto keypair tests to use testscript
• 825b161 Replace several old integration style tests with testscript tests
• f338d80 Refactor CLI to make it testable using testscript
• a4a846a Merge pull request #1436 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.39.0
• f8c1eaf Ignore insecure ssh.KeyAlgoDSA usages using nolint
• edca39f Bump golang.org/x/crypto from 0.38.0 to 0.39.0

Thanks!

Those were the changes on v0.28.7!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Step CLI v0.28.7-rc9 (25-07-13)

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.28.7-rc9_amd64.tar.gz
• 📦 step_linux_0.28.7-rc9_arm64.tar.gz
• 📦 step_linux_0.28.7-rc9_armv7.tar.gz
• 📦 step-cli_0.28.7.rc9-1_amd64.deb
• 📦 step-cli-0.28.7.rc9-1.x86_64.rpm
• 📦 step-cli_0.28.7.rc9-1_arm64.deb
• 📦 step-cli-0.28.7.rc9-1.aarch64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.28.7-rc9_amd64.tar.gz
• 📦 step_darwin_0.28.7-rc9_arm64.tar.gz

Windows

• 📦 step_windows_0.28.7-rc9_amd64.zip
• 📦 step_windows_0.28.7-rc9_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.28.7-rc9_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.28.7-rc9_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.28.7-rc9_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 454b853 Pin goreleaser to 2.10.2

Thanks!

Those were the changes on v0.28.7-rc9!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Release v0.28.7-rc8

Revert goreleaser action back to main

Step CLI v0.28.7-rc7 (25-07-13)

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.28.7-rc7_amd64.tar.gz
• 📦 step_linux_0.28.7-rc7_arm64.tar.gz
• 📦 step_linux_0.28.7-rc7_armv7.tar.gz
• 📦 step-cli_0.28.7.rc7-1_amd64.deb
• 📦 step-cli-0.28.7.rc7-1.x86_64.rpm
• 📦 step-cli_0.28.7.rc7-1_arm64.deb
• 📦 step-cli-0.28.7.rc7-1.aarch64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.28.7-rc7_amd64.tar.gz
• 📦 step_darwin_0.28.7-rc7_arm64.tar.gz

Windows

• 📦 step_windows_0.28.7-rc7_amd64.zip
• 📦 step_windows_0.28.7-rc7_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.28.7-rc7_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.28.7-rc7_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.28.7-rc7_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• bc148d4 Try using pinned version of goreleaser

Thanks!

Those were the changes on v0.28.7-rc7!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Step CLI v0.28.7-rc11 (25-07-13)

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.28.7-rc11_amd64.tar.gz
• 📦 step_linux_0.28.7-rc11_arm64.tar.gz
• 📦 step_linux_0.28.7-rc11_armv7.tar.gz
• 📦 step-cli_0.28.7.rc11-1_amd64.deb
• 📦 step-cli-0.28.7.rc11-1.x86_64.rpm
• 📦 step-cli_0.28.7.rc11-1_arm64.deb
• 📦 step-cli-0.28.7.rc11-1.aarch64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.28.7-rc11_amd64.tar.gz
• 📦 step_darwin_0.28.7-rc11_arm64.tar.gz

Windows

• 📦 step_windows_0.28.7-rc11_amd64.zip
• 📦 step_windows_0.28.7-rc11_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.28.7-rc11_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.28.7-rc11_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.28.7-rc11_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 02a388d Revert acl change

Thanks!

Those were the changes on v0.28.7-rc11!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Step CLI v0.28.7-rc10 (25-07-13)

Official Release Artifacts

Below are the most popular artifacts for step on each platform.

For packaged versions (Homebrew, Scoop, etc.), see our installation docs.

Linux

• 📦 step_linux_0.28.7-rc10_amd64.tar.gz
• 📦 step_linux_0.28.7-rc10_arm64.tar.gz
• 📦 step_linux_0.28.7-rc10_armv7.tar.gz
• 📦 step-cli_0.28.7.rc10-1_amd64.deb
• 📦 step-cli-0.28.7.rc10-1.x86_64.rpm
• 📦 step-cli_0.28.7.rc10-1_arm64.deb
• 📦 step-cli-0.28.7.rc10-1.aarch64.rpm
• see Assets below for more builds

macOS Darwin

• 📦 step_darwin_0.28.7-rc10_amd64.tar.gz
• 📦 step_darwin_0.28.7-rc10_arm64.tar.gz

Windows

• 📦 step_windows_0.28.7-rc10_amd64.zip
• 📦 step_windows_0.28.7-rc10_arm64.zip

Signatures and Checksums

step uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Download/step_darwin_0.28.7-rc10_amd64.tar.gz.pem \
  --signature ~/Downloads/step_darwin_0.28.7-rc10_amd64.tar.gz.sig \
  --certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ~/Downloads/step_darwin_0.28.7-rc10_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 45f771b Revert to main goreleaser action again, leave out acl attribute

Thanks!

Those were the changes on v0.28.7-rc10!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.

Release v0.28.7-rc6

empty commit

Release v0.28.7-rc5

empty commit