Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step crypto change-pass
Name
step crypto change-pass -- change password of an encrypted private key (PEM or JWK format)
Usage
step crypto change-pass <key-file>
[--out=<file>] [--password-file=<file>] [--new-password-file=<file>]
[--insecure] [--no-password]
Description
step crypto change-pass extracts and decrypts the private key from a file and encrypts and serializes the key to disk using a new password.
Positional arguments
key-file
The PEM or JWK file with the encrypted key.
Options
--password-file=file
The path to the file containing the password to decrypt the private key.
--new-password-file=file
The path to the file containing the password to encrypt the private key.
--out=file, --output-file=file
The file new encrypted key path. Default to overwriting the key positional argument
-f, --force Force the overwrite of files without asking.
--insecure
--no-password Do not ask for a password to encrypt a private key. Sensitive key material will be written to disk unencrypted. This is not recommended. Requires --insecure flag.
Examples
Change password for PEM formatted key:
$ step crypto change-pass key.pem
Remove password for PEM formatted key:
$ step crypto change-pass key.pem --no-password --insecure
Change password for PEM formatted key and write encrypted key to different file:
$ step crypto change-pass key.pem --out new-key.pem
Change password for JWK formatted key:
$ step crypto change-pass key.jwk
Removed password for JWK formatted key:
$ step crypto change-pass key.jwk --no-password --insecure
Change password for JWK formatted key:
$ step crypto change-pass key.jwk --out new-key.jwk
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.