It’s often helpful to inspect the details of an existing provisioner. Doing so will help you understand the default behavior of the provisioner and which flags you’ll need to pass to generate the desired certificate.
In some cases, the provisioner’s settings may completely prevent the creation of the desired certificate; inspecting the provisioner can help you troubleshoot any related errors if they come up.
Assuming that you’ve already bootstrapped to the authority and that you’re working in the corresponding context (if using multiple authorities), run the following command to list all provisioners on the authority:
```
$ step ca provisioner list
[
  {
    "type": "OIDC",
    "name": "authority-admin",
    "clientID": "0cca...652b",
    "clientSecret": "db7fb...20961",
    "configurationEndpoint": "https://auth.smallstep.com/oidc/team-slug/.well-known/openid-configuration",
    "admins": [
      "name@company.com"
    ],
    "listenAddress": "127.0.0.1:10000",
    "claims": {
      ...
    }
  ...
]
```
If you’d prefer to retrieve specific information about a single provisioner, you can instead use the corresponding beta command to get this configuration:
```
$ step beta ca provisioner get authority-admin
No admin credentials found. You must login to execute admin commands.
✔ Please enter admin name/subject (e.g., name@example.com): hunter@smallstep.com
✔ Provisioner: authority-admin (OIDC) [client: 0cca8885-3c94-4b15-aac5-a44cd659e92b]
Your default web browser has been opened to visit:
https://auth.smallstep.com/oidc/...1%3A10000&response_type=code&scope=openid+email&state=jsgaN8QkpEQozNg6rMX
{
  "id": "6fa...739",
  "authorityId": "21...db",
  "type": "OIDC",
  "name": "authority-admin",
  "details": {
    "OIDC": {
      "clientId": "0c...2b",
      "clientSecret": "db1...20969bb41",
      "configurationEndpoint": "https://auth.smallstep.com/oidc/team-slug/.well-known/openid-configuration",
      "admins": [
        "name@company.com"
      ],
      "listenAddress": "127.0.0.1:10000"
    }
  },
  "claims": {
    "x509": {
      "enabled": true,
      "durations": {}
    },
    "ssh": {
      "enabled": true,
      "userDurations": {},
      "hostDurations": {}
    }
  }
}
```
Check the command reference to see the available flags to pass with the command.
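The two commands above print the same provisioner in different shapes (flat in `list`, nested under `details` in `get`), and both include the OIDC `clientSecret`. The following is an added example, not part of the original documentation or the step tooling: it normalizes either shape into a short summary and redacts the secret before the output is pasted into a ticket or log. It assumes the JSON has been saved without the interactive prompt lines, and the function names and sample values are constructed for illustration.

```python
import json

# Secret-bearing field names shown on this page, matched case-insensitively.
SECRET_KEYS = {"clientsecret"}

def redact(node):
    """Return a copy of node with secret values replaced at any nesting depth."""
    if isinstance(node, dict):
        return {k: "<redacted>" if k.lower() in SECRET_KEYS else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node

def summarize(prov):
    """Flatten one provisioner from either output shape into a summary."""
    # `get` nests type-specific settings under details.<TYPE>;
    # `list` keeps them at the top level of the object.
    details = prov.get("details", {}).get(prov.get("type"), prov)
    claims = prov.get("claims") or {}
    return {
        "name": prov.get("name"),
        "type": prov.get("type"),
        "admins": details.get("admins", []),
        "listenAddress": details.get("listenAddress"),
        # None means this output shape does not state the setting.
        "x509_enabled": claims.get("x509", {}).get("enabled"),
        "ssh_enabled": claims.get("ssh", {}).get("enabled"),
        "has_client_secret": any(k.lower() in SECRET_KEYS for k in details),
    }

def load(text):
    """Accept the array printed by `list` or the single object printed by `get`."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]

# Constructed samples mirroring the two shapes above; all values are placeholders.
LIST_OUTPUT = '''[{"type": "OIDC", "name": "authority-admin",
  "clientID": "example-client-id", "clientSecret": "example-secret",
  "admins": ["name@company.com"], "listenAddress": "127.0.0.1:10000",
  "claims": {}}]'''
GET_OUTPUT = '''{"type": "OIDC", "name": "authority-admin",
  "details": {"OIDC": {"clientId": "example-client-id",
    "clientSecret": "example-secret", "admins": ["name@company.com"],
    "listenAddress": "127.0.0.1:10000"}},
  "claims": {"x509": {"enabled": true, "durations": {}},
             "ssh": {"enabled": true, "userDurations": {}, "hostDurations": {}}}}'''

if __name__ == "__main__":
    for prov in load(LIST_OUTPUT) + load(GET_OUTPUT):
        print(summarize(prov), redact(prov), sep="\n")
```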