step

Execute one debugger instruction

TLDR

Inspect the contents of a certificate

$ step certificate inspect [path/to/certificate.crt]

Create a root CA certificate and a key (append --no-password --insecure to skip private key password protection)

$ step certificate create "[Example Root CA]" [path/to/root-ca.crt] [path/to/root-ca.key] --profile root-ca

Generate a certificate for a specific hostname and sign it with the root CA (generating a CSR can be skipped for simplification)

$ step certificate create [hostname.example.com] [path/to/hostname.crt] [path/to/hostname.key] --profile leaf --ca [path/to/root-ca.crt] --ca-key [path/to/root-ca.key]

Verify a certificate chain

$ step certificate verify [path/to/hostname.crt] --roots [path/to/root-ca.crt] --verbose

Convert a PEM format certificate to DER and write it to disk

$ step certificate format [path/to/certificate.pem] --out [path/to/certificate.der]

Install or uninstall a root certificate in the system's default trust store

$ step certificate [install|uninstall] [path/to/root-ca.crt]

Create a RSA/EC private and public keypair (append --no-password --insecure to skip private key password protection)

$ step crypto keypair [path/to/public_key] [path/to/private_key] --kty [RSA|EC]

Show help for subcommands

The step command is a built-in shell function (typically in shells like bash and zsh) that allows users to execute shell commands one line at a time. This is extremely useful for debugging shell scripts, understanding complex pipelines, or simply observing the flow of execution in detail. When invoked, step executes the next command in the shell's history with tracing enabled. Each command is executed individually, showing the expanded command line and any intermediate results. The user can then proceed to the next command by pressing ENTER. This provides granular control and enhanced visibility into the shell's behavior, making it a powerful tool for debugging and learning.
It's important to note that step is not a standalone executable but a shell built-in. Therefore its functionality depends on which shell is used. The command can be used interactively or programmatically within a script.

CAVEATS

The step command is a shell built-in; its availability and behavior can vary depending on the specific shell being used (e.g., bash, zsh, fish). It only steps through commands available in the shell history and does not work with external executables unless called directly via the shell. When using step in a shell script, you might want to use a debugger instead since step is more geared towards interactive usage.

USAGE EXAMPLE

After executing `step`, press ENTER to proceed to the next command in history. The expanded command will be shown before execution, and standard output/error will be displayed as usual. You can exit the stepping mode at any time by pressing Ctrl+C.

DEBUGGING

Using step is a basic debugging technique. It reveals the exact command being executed, which is essential for identifying errors like incorrect variable expansions or unexpected control flow. For more sophisticated debugging, consider using shell debuggers like bashdb.

HISTORY

The step command's history is tied to the development of interactive shells like bash and zsh. It emerged as a debugging and educational tool, offering a way to trace command execution. While precise origins are difficult to pinpoint, step functions emerged in shells to offer line-by-line code introspection. It aims to make debugging shell scripts easier to grasp. The adoption of step depended largely on the popularity of the specific shell that implemented it.