> step-ca
Run a private certificate authority with step-ca. Use when a user asks to issue internal TLS certificates, set up mTLS between services, create a private PKI, or manage certificates for internal infrastructure.
step-ca (Smallstep)
Overview
step-ca is a private certificate authority for issuing TLS certificates to internal services. It automates certificate issuance, renewal, and revocation, like Let's Encrypt but for private infrastructure.
Instructions
Step 1: Initialize CA
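```bash
# macOS (Homebrew)
brew install step
# create the CA: root and intermediate certificates, ca.json, and a provisioner named "admin"
step ca init --name "Internal CA" --dns localhost --address :443 --provisioner admin
```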
Step 2: Issue Certificates
```bash
step-ca "$(step path)/config/ca.json"              # start CA server (runs in the foreground)
step ca certificate api.internal api.crt api.key   # issue cert (run from a second terminal)
```
Step 3: Auto-Renewal
```bash
step ca renew --daemon api.crt api.key   # auto-renews before expiry
```
Step 4: mTLS Between Services
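```typescript
// server.ts — Node.js server with mutual TLS
import https from 'https'
import fs from 'fs'
import type { TLSSocket } from 'tls'

const server = https.createServer({
  cert: fs.readFileSync('server.crt'),
  key: fs.readFileSync('server.key'),
  ca: fs.readFileSync('root_ca.crt'), // trust only the private root CA
  requestCert: true, // require client certificate
  rejectUnauthorized: true, // drop clients whose cert does not chain to root_ca.crt
}, (req, res) => {
  // req.socket is a TLSSocket on an https server; the cast exposes the peer certificate
  const clientCN = (req.socket as TLSSocket).getPeerCertificate().subject.CN
  res.end('Hello ' + clientCN)
})

server.listen(8443) // example port (assumption)
```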
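Every certificate the private CA issues passes `rejectUnauthorized`, so the server still has to decide which client identities may call it. The following is an added example, not part of the original skill or of step-ca: `authorizePeer`, the allowlist, the lifetime policy and the sample certificate are assumptions, and the input is the object shape returned by `getPeerCertificate()`.

```typescript
// Added example. Field names follow Node's getPeerCertificate() output;
// the policy values and sample data are assumptions.
interface PeerCert {
  subject?: { CN?: string }
  subjectaltname?: string // e.g. "DNS:billing.internal, IP Address:10.0.0.5"
  valid_from?: string     // e.g. "Jan 10 00:00:00 2025 GMT"
  valid_to?: string
}
interface Decision { ok: boolean; identity?: string; reason: string }

const HOUR_MS = 60 * 60 * 1000
const SLACK_MS = 5 * 60 * 1000 // tolerance for a CA that backdates notBefore against clock skew

// DNS SANs only. Entries that Node quoted or escaped fail the strict pattern and are dropped.
function dnsNames(san: string): string[] {
  return san
    .split(', ')
    .filter((entry) => /^DNS:[A-Za-z0-9.-]+$/.test(entry))
    .map((entry) => entry.slice(4).toLowerCase())
}

// allowed: lower-case service names permitted to call this server (hypothetical policy).
function authorizePeer(cert: PeerCert, allowed: Set<string>, maxLifetimeHours = 24): Decision {
  const from = Date.parse(cert.valid_from ?? '')
  const to = Date.parse(cert.valid_to ?? '')
  if (Number.isNaN(from) || Number.isNaN(to)) {
    return { ok: false, reason: 'missing or unparseable validity' }
  }
  // TLS already rejected expired certs; this enforces the short-lifetime policy on top.
  if (to - from > maxLifetimeHours * HOUR_MS + SLACK_MS) {
    return { ok: false, reason: 'lifetime exceeds policy' }
  }
  // Prefer SANs; use CN only when the certificate carries no SAN extension at all.
  const cn = cert.subject?.CN
  const names = cert.subjectaltname ? dnsNames(cert.subjectaltname) : cn ? [cn.toLowerCase()] : []
  const identity = names.find((name) => allowed.has(name))
  return identity
    ? { ok: true, identity, reason: 'allowed' }
    : { ok: false, reason: 'identity not in allowlist' }
}

// Constructed sample: a 24h certificate for billing.internal.
const sampleCert: PeerCert = {
  subject: { CN: 'billing.internal' },
  subjectaltname: 'DNS:billing.internal',
  valid_from: 'Jan 10 00:00:00 2025 GMT',
  valid_to: 'Jan 11 00:00:00 2025 GMT',
}
console.log(authorizePeer(sampleCert, new Set(['billing.internal'])))
```

In the request handler, call it with `getPeerCertificate()` and answer 403 when `ok` is false.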
Guidelines
- Use step-ca for internal services, Let's Encrypt for public-facing.
- Short-lived certs (24h) with auto-renewal are more secure than long-lived ones.
- step-ca supports the ACME protocol, so it works with ACME clients such as Certbot and Caddy.
- Integrates with Kubernetes cert-manager for automatic pod certificates.