Step CA


Smallstep Step CA provides the infrastructure, automations, and workflows to securely create and operate a private certificate authority. step-ca makes it easy for developers, operators and security teams to manage certificates for production workloads. It can also integrate with Cert Manager as an ACME issuer, so you can issue TLS certificates for your own internal domain and keep internal services separate from external ones.

Product: Step CA
Install Type: Helm (Chart)
Container Image: Direct from Smallstep

Installation Details

The process for Step CA is a little different than many other Helm deployments. Before you begin, you will need to install the step CLI tool. Follow these instructions from Smallstep to install step. Once you have installed step, add the repository with:

helm repo add smallstep https://smallstep.github.io/helm-charts/
helm repo update

After that, we use the step tool you installed earlier to create a values.yaml file with some needed root and intermediate CA information:

step ca init --helm > values.yaml

We also need a password for the install. The chart expects it base64-encoded, so generate the file with:

echo -n "password" | base64 > password.txt

You obviously want to change "password" to something stronger, and it must be the password step ca init put on the keys (the one you typed at its prompt, or the one it generated and printed), because the CA and provisioner keys in values.yaml are encrypted with it and step-ca cannot start if the injected secret does not decrypt them. The -n keeps echo from appending a newline that would otherwise be encoded into the password.

You can then go ahead and install Step CA with:

helm install -f values.yaml \
     --set inject.secrets.ca_password=$(cat password.txt) \
     --set inject.secrets.provisioner_password=$(cat password.txt) \
     --set service.targetPort=9000 \
     step-certificates smallstep/step-certificates

Alternatively, you can edit the generated values.yaml and set the password and targetPort entries there instead of passing them with --set.
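The install steps above as one script, added here as an example (it is not code from this page or from Smallstep): it generates a single CA password, base64-encodes it without the trailing newline that plain echo adds, and passes the same password to both step ca init and helm install. The helper names, the CA name, DNS name and provisioner name are assumptions; GNU coreutils, step and helm are assumed to be on PATH.

```shell
#!/usr/bin/env bash
# Added example (not from the page or from Smallstep): the install steps above as one
# script. One generated CA password is fed to both `step ca init` and `helm install`,
# so the keys encrypted inside values.yaml and the Secret the chart injects agree.
# Assumes GNU coreutils (base64 -d, head -c) and, for install_step_ca, step and helm.
set -eu

# The page's form: echo appends a newline, which gets encoded as part of the password.
page_style_encode() { echo "$1" | base64; }

# Safe form: printf adds nothing; base64's own line wrapping is stripped as well.
encode_password() { printf '%s' "$1" | base64 | tr -d '\n'; }

decode_password() { printf '%s' "$1" | base64 -d; }
decoded_length()  { printf '%s' "$1" | base64 -d | wc -c | tr -d ' '; }

# True only when $1 decodes to exactly $2, byte for byte (ASCII passwords assumed);
# a plain string compare would miss a trailing newline, since $(...) strips it.
roundtrips_exactly() {
  [ "$(decoded_length "$1")" -eq "${#2}" ] && [ "$(decode_password "$1")" = "$2" ]
}

# 32 alphanumeric characters from /dev/urandom (about 190 bits of entropy).
generate_password() { head -c 64 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | head -c 32; }

# Hypothetical helper running the whole procedure. CA name, DNS name and provisioner
# name are placeholders for your cluster; --address matches service.targetPort below.
install_step_ca() {
  local pw_file="${1:-ca-password.txt}" values_file="${2:-values.yaml}"
  umask 077                         # the plaintext password file is owner-readable only
  generate_password > "$pw_file"
  encoded="$(encode_password "$(cat "$pw_file")")"
  helm repo add smallstep https://smallstep.github.io/helm-charts/
  helm repo update
  # --password-file / --provisioner-password-file keep init non-interactive and guarantee
  # the password that encrypts the keys is the one injected as a Secret below.
  step ca init --helm \
    --name "Internal CA" --dns "step-certificates.default.svc" --address ":9000" \
    --provisioner "admin" \
    --password-file "$pw_file" --provisioner-password-file "$pw_file" \
    > "$values_file"
  helm install -f "$values_file" \
    --set inject.secrets.ca_password="$encoded" \
    --set inject.secrets.provisioner_password="$encoded" \
    --set service.targetPort=9000 \
    step-certificates smallstep/step-certificates
}
# Sourcing or running the file without "install" only defines the helpers.
if [ "${1:-}" = "install" ]; then install_step_ca; fi
```

Run it as `bash install-step-ca.sh install` to perform the install; without the argument it only defines the helpers, so you can source it and check a password file with roundtrips_exactly first.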

Now that you have successfully installed Step CA, you can integrate it further into your cluster. While Smallstep does provide a certificate manager, I opted to use Cert Manager (which I already had operational with Let's Encrypt) by following these instructions to configure Step CA with Cert Manager.

Remember that if you use an internal self-signed certificate authority, you will need to import at least the root CA (and preferably the intermediate CA as well) into the trust stores of all of your clients to prevent certificate errors.