Automic VaultAutomic Vault

brew / Protected-Tool-Abdeckung / Approval Gates / Rang 87

mkcert installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für mkcert in AI-Agent-Workflows.

InstallationsbefehlSicherheitshinweise

agent safety

Agent safety answer

mkcert creates local certificate authorities and development certificates.

Credential access

Touches local trust stores and private key material.

Remote mutation

Primarily mutates local trust state, not remote systems.

Publish/artifact risk

Can create certificates that influence development service trust.

Recommended control

Gate CA installation and private-key handling.

Agent-use guidance

Allow certificate inspection; require approval before installing trust roots or writing private keys.

Installation

Mit Automic Vault installieren

Automic Vault
AV herunterladen
sudo av install brew:mkcert

macOS

Homebrewverified · 100%
brew install mkcert

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install mkcert

MacPorts ports tree · security/mkcert/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add mkcert

Alpine Linux edge package indexes · mkcert · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install mkcert

Debian stable package indexes · mkcert · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install mkcert

Fedora Rawhide package metadata · mkcert · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#mkcert

nixpkgs package indexes · pkgs/by-name/mk/mkcert/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S mkcert

Arch Linux sync databases · mkcert · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install mkcert

openSUSE Tumbleweed package metadata · mkcert · source: download.opensuse.org

Windows

Chocolateyverified · 92%
choco install mkcert

Chocolatey community package catalog · mkcert · source: community.chocolatey.org

Scoopverified · 92%
scoop install extras/mkcert

Scoop official bucket manifest trees · bucket/mkcert.json · source: api.github.com

Windows Package Managerverified · 92%
winget install --id FiloSottile.mkcert -e

Windows Package Manager source index · FiloSottile.mkcert · source: cdn.winget.microsoft.com

Plattformhinweise

  • Es waren keine paketspezifischen Plattformhinweise vorhanden.

Überblick

Paketzusammenfassung

Simple tool to make locally trusted development certificates

Befehle und Aliase

  • mkcert

Protected-Tool-Abdeckung

Plain Text Root CA Private Key

`mkcert` stores its local root CA private key as rootCA-key.pem in the user CAROOT directory. Our isotope stores that private key in the macOS keychain and exposes it through a temporary CAROOT only while `mkcert` runs.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 13 platform targets.
  • Build metadata lists 1 build dependencies.

Lokaler README-Auszug

mkcert Protected-tool coverage

mkcert creates a local certificate authority and stores its private key as rootCA-key.pem in the user CAROOT directory.

This protected-tool coverage migrates rootCA-key.pem into the Automic Vault keychain and wraps mkcert so the key is materialized in a temporary CAROOT only while mkcert is running.

Caveats

  • We currently migrate the default CAROOT, or the CAROOT set during migration.
  • The public rootCA.pem file remains on disk.
  • Existing shells that execute the original binary directly will not receive

the root CA key.

Quelle: local coverage notes

Quelle der Abdeckung

Quellauszug

Caveats

  • We currently migrate the default CAROOT, or CAROOT set during migration.
  • The public rootCA.pem file remains on disk.
  • Direct execution of the original binary will not receive the root CA key.

Approval Gates

Human review metadata for risky commands

The local approval-gate seed includes 4 rules for mkcert. Covered entrypoints: mkcert. Severity labels: critical, high. Coverage: partial, reviewed 2026-05-21.

Beispiele für gated Aktionen

  • Install the local CA into system or browser trust stores.
  • Remove the local CA from trust stores.
  • Generate local certificates and private keys.
  • Write certificate or key files to caller-specified paths.

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
mkcertcliglobal executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-06-10
Manager-Version1.4.4
Manager aktualisiert
lokale Datenok
Upstreamcurrent
neueste erkannte Versionv1.4.4

https://github.com/FiloSottile/mkcert

  • infoNo package-manager update timestamp was available.low confidence

Installationsmetadaten

Paketmetadaten

Package keybrew:mkcert
Version1.4.4
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/mkcert
Homepagehttps://github.com/FiloSottile/mkcert
Repositoryhttps://github.com/FiloSottile/mkcert
Upstream docshttps://github.com/FiloSottile/mkcert#readme
LicenseBSD-3-Clause
Source archivehttps://github.com/FiloSottile/mkcert/archive/refs/tags/v1.4.4.tar.gz
Build dependenciesgo
Bottleavailable (arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namemkcert
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

mkcert 1.4.4-1+b18

Simple zero-config tool to make locally trusted certificates

https://github.com/FiloSottile/mkcert

sudo apt install mkcert
  • Section: utils
  • Architecture: amd64
  • Source Package: mkcert
  • 1 dependencies
  • normalized package name match
  • Matched by: Mkcert
Debian stable package indexes · deb.debian.org · Debian stable package indexes: mkcert from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

mkcert

nix profile install nixpkgs#mkcert
  • normalized package name match
  • Matched by: Mkcert
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/mk/mkcert/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

mkcert 1.4.4-1ubuntu2

Simple zero-config tool to make locally trusted certificates

https://github.com/FiloSottile/mkcert

sudo apt install mkcert
  • Section: universe/utils
  • Architecture: amd64
  • 1 dependencies
  • normalized package name match
  • Matched by: Mkcert
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: mkcert from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

mkcert 1.4.4-r29

simple zero-config tool to make locally trusted development certificates with any names you'd like

https://mkcert.dev/

sudo apk add mkcert
  • License: BSD-3-Clause
  • Architecture: x86_64
  • Source Package: mkcert
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Mkcert
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: mkcert from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
dnf95%

mkcert 1.4.4-9.fc45

Make and install locally trusted development certificates

https://github.com/FiloSottile/mkcert

sudo dnf install mkcert
  • License: BSD-2-Clause-Views AND BSD-3-Clause
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: mkcert
  • 4 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Mkcert
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: mkcert from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/13ee7b80cb813542594d4235c4a0b8695435d5ecf23dd3580bc7515ae1b6180d-primary.xml.zst
pacman95%

mkcert 1.4.4-3

Simple tool for making locally-trusted development certificates

https://github.com/FiloSottile/mkcert

sudo pacman -S mkcert
  • License: BSD
  • Architecture: x86_64
  • 1 dependencies
  • normalized package name match
  • Matched by: Mkcert
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: mkcert from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

mkcert 1.4.4-1.4

CLI tool for making locally-trusted development certificates

https://github.com/FiloSottile/mkcert

sudo zypper install mkcert
  • License: BSD-3-Clause
  • Category: Development/Tools/Other
  • Architecture: x86_64
  • Source Package: mkcert
  • 2 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Mkcert
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: mkcert from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
MacPorts95%

mkcert

sudo port install mkcert
  • normalized package name match
  • Matched by: Mkcert
MacPorts ports tree · api.github.com · MacPorts ports tree: security/mkcert/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

mkcert

choco install mkcert
  • normalized package name match
  • Matched by: Mkcert
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: mkcert from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','mitelconnect'
Scoop95%

extras/mkcert

scoop install extras/mkcert
  • normalized package name match
  • Matched by: Mkcert
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/mkcert.json from https://api.github.com/repos/ScoopInstaller/Extras/git/trees/master?recursive=1
winget95%

FiloSottile.mkcert

winget install --id FiloSottile.mkcert -e
  • normalized package name match
  • Matched by: Mkcert
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: FiloSottile.mkcert from https://cdn.winget.microsoft.com/cache/source.msix

Paketgraph

Links stammen aus dem lokalen Paketbeziehungsgraph, Ergänzungen, Abhängigkeitskanten, Ecosystem-Matches und Paket-Hub-Mitgliedschaft.

Verwandte Tools

  • goBuild dependency declared by Homebrew.

Gleicher Workflow

  • certbotShares av.db curated category or tags: certificates, cli, https, security, tls.
  • showcertShares av.db curated category or tags: certificates, cli, security, tls.
  • certigoShares av.db curated category or tags: certificates, cli, security, tls.
  • cripShares av.db curated category or tags: certificates, cli, security, tls.
  • minicaShares av.db curated category or tags: certificates, cli, security, tls.
  • certstrapShares av.db curated category or tags: certificates, cli, security, tls.

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • external package-manager database matches
  • local coverage README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • secret-handling manifest