Smallstep
Smallstep — open source PKI, mutual TLS, and SSH certificate authority for zero-trust infrastructure.
Our Verdict
The best developer experience in open-source PKI today; ideal for internal mTLS and zero-trust.
Pros
- Modern open-source CA with ACME support
- First-class mTLS and SSH certificate flows
- step CLI is pleasant to use
- Cloud and self-hosted options
Cons
- Commercial tier required for full features
- Smaller ecosystem than legacy PKI vendors
- Advanced policies still maturing
- Docs assume some PKI background
Best for: Platform teams rolling out internal mTLS and SSH certs with sane UX.
Not for: Orgs needing full public-trust CA services at scale.
When to Use Smallstep
Good fit if you need
- mTLS certificate automation for zero-trust microservices
- SSH certificate authority for short-lived infrastructure access
- ACME server for internal PKI without public CA dependency
- JWK and OIDC-based identity-linked certificate issuance
- Developer-friendly PKI for cloud-native service mesh security
Lock-in Assessment
Lock-in Score: Low, 5/5
Pricing
Smallstep Pricing
- Pricing Model: freemium
- Free Tier: Yes
- Entry Price: —
- Enterprise Available: No
- Transparency Score: —
Beta — estimates may differ from actual pricing
1,000
Estimated Monthly Cost: $25
Estimated Annual Cost: $300
Estimates are approximate and may not reflect current pricing. Always check the official pricing page.