step ca init command initializes a public key infrastructure (PKI) to be
used by the Certificate Authority.
The path of an existing PEM file to be used as the root certificate authority.
The path of an existing key file of the root certificate authority.
Generate only the PKI without the CA configuration.
Create keys to sign SSH certificates.
Generates a Helm values YAML to be used with step-certificates chart.
The name of the deployment type to use. Options are:
standalone: An instance of step-ca that does not connect to any cloud services. You
manage authority keys and configuration yourself.
Choose standalone if you'd like to run step-ca yourself and do not want
cloud services or commercial support.
linked: An instance of step-ca with locally managed keys that connects to your
Certificate Manager account for provisioner management, alerting,
reporting, revocation, and other managed services.
Choose linked if you'd like cloud services and support, but need to
control your authority's signing keys.
hosted: A highly available, fully-managed instance of step-ca run by smallstep
just for you.
Choose hosted if you'd like cloud services and support.
The name of an existing provisioner in the issuer CA.
This flag is supported in "StepCAS".
The registration authority credentials file to use.
If CloudCAS is used, this flag should be the path to a service account key.
It can also be set using the 'GOOGLE_APPLICATION_CREDENTIALS=path'
environment variable or the default service account in an instance in Google
Generate a CA configuration without the DB stanza. No persistence layer.
The name of the context for the new authority.
Enable Remote Management. Defaults to false.
Create a default ACME provisioner. Defaults to false.
The admin subject to use for generating admin credentials.
The name that will serve as the profile name for the context.
The name that will serve as the authority name for the context.