step

by Smallstepv0.30.6

Last updated Jun 11, 2026

A Swiss army knife for working with X.509 certificates, JWTs, etc.

Install with winget

$ winget install --id Smallstep.step --exact --version 0.30.6

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

step-cli lets you build, operate, and automate Public Key Infrastructure (PKI)

systems and workflows. It's a swiss army knife for authenticated encryption

(X.509, TLS), single sign-on (OAuth OIDC, SAML), multi-factor authentication

(OATH OTP, FIDO U2F), encryption mechanisms (JSON Web Encryption, NaCl),

and verifiable claims (JWT, SAML assertions).

Installers · v0.30.6

Architecture	Type	Scope	Install	Download
x64	Portable	-		Direct
arm64	Portable	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

2 known CVEs via NVD

low3.7Patched in wingetCVE-2026-40097affects before 0.30.0Apr 10, 2026
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key...
Patch Vendor advisory
critical10.0Patched in wingetCVE-2026-30836affects before 0.30.0Mar 19, 2026
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.
Patch Vendor advisory

Source: NVD, updated 2h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr.

Related apps

S
step-caSmallstep
Smallstep.step-cav0.30.2
A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management.
C
Codex CLIOpenAI, Inc.
OpenAI.Codexv0.139.0
Codex CLI is an open‑source local coding agent that runs in your terminal, letting you write, edit, and understand code without leaving the command line.
Ente Authente
ente-io.auth-desktopv4.4.23
Open source 2FA authenticator, with end-to-end encrypted backups.
Proton VPNProton AG
Proton.ProtonVPNv4.4.1
High-speed Swiss VPN that safeguards your privacy.
Oh My PoshJan De Dobbeleer
JanDeDobbeleer.OhMyPoshv29.14.0
Prompt theme engine for any shell
Sera AntivirusYash12007
Yash12007.SeraAntivirusv3.0.0
Minimal, calm antivirus with real-time safety score and built-in system tools.

More from Smallstep or browse cli, smallstep, pki.

Frequently asked questions

How do I install step on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Smallstep.step --exact --version 0.30.6. winget downloads the installer from Smallstep and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install step silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Smallstep.step --exact 0.30.6 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall step via winget?

Run: winget uninstall --id Smallstep.step --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from step's Apps & Features entry.

Is step free?

step is distributed under Apache-2.0. Refer to the publisher (https://github.com/smallstep/cli) for the full license terms - Wingetly itself does not charge for installation.

Does step work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls step directly from the publisher.

How do I keep step up to date?

Run winget upgrade --id Smallstep.step --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of step from microsoft/winget-pkgs.

Recent versions

0.30.6latest
0.30.5
0.30.4
0.30.2
0.30.1
0.30.0
0.28.7
0.28.6
0.28.5
0.28.3