
Step: A New Zero Trust Swiss Army Knife from Smallstep - transpute
https://smallstep.com/blog/zero-trust-swiss-army-knife.html
======
mmalone
I work at smallstep and figured I'd add a bit more context. `step` implements
a bunch of "zero trust" primitives: authenticated encryption (X.509, TLS),
single sign-on (OAuth OIDC), multi-factor authentication (OATH OTP), and
encryption / signing (JWE, JWT, NaCl). We built the tool for our customers to
debug and operate our certificate authority, OAuth IdP, and to authenticate to
our identity-aware / policy-enforcing proxy from the command line. Some of
these infra bits will be open sourced too, over time.

In the meantime we figured the core tool might be useful to other people for
debugging, scripting, and automation. You can use it in a bash script to
authenticate to Google using OAuth, or to securely connect to your own
services that use OAuth OIDC for single sign-on. You can use it to implement
MFA for SSH. You can use it to encrypt secrets for services (simple secret
management). It's also got all of the core functionality you need to build a
simple certificate authority. It's still pretty low level at the moment, but
it's a whole lot easier to use for this sort of stuff than OpenSSL. Hope
people find it useful!

