Automic VaultAutomic Vault

brew / approval gates

Install mkcert with Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper

Simple tool to make locally trusted development certificates. Version 1.4.4 via Homebrew; verified from local package data.

agent safety

Agent safety answer

mkcert creates local certificate authorities and development certificates.

Credential access

Touches local trust stores and private key material.

Remote mutation

Primarily mutates local trust state, not remote systems.

Publish/artifact risk

Can create certificates that influence development service trust.

Recommended control

Gate CA installation and private-key handling.

Agent-use guidance

Allow certificate inspection; require approval before installing trust roots or writing private keys.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install mkcert

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install mkcert

MacPorts ports tree · security/mkcert/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add mkcert

Alpine Linux edge package indexes · mkcert · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install mkcert

Debian stable package indexes · mkcert · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install mkcert

Fedora Rawhide package metadata · mkcert · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#mkcert

nixpkgs package indexes · pkgs/by-name/mk/mkcert/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S mkcert

Arch Linux sync databases · mkcert · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install mkcert

openSUSE Tumbleweed package metadata · mkcert · source: download.opensuse.org

Windows

Chocolateyverified · 92%
choco install mkcert

Chocolatey community package catalog · mkcert · source: community.chocolatey.org

Scoopverified · 92%
scoop install extras/mkcert

Scoop official bucket manifest trees · bucket/mkcert.json · source: api.github.com

Windows Package Managerverified · 92%
winget install --id FiloSottile.mkcert -e

Windows Package Manager source index · FiloSottile.mkcert · source: cdn.winget.microsoft.com

overview

Package summary

Simple tool to make locally trusted development certificates

Commands and aliases

  • mkcert

history

Project history and usage

mkcert is Filippo Valsorda's small Go tool for locally trusted development certificates. It appeared in the 2018 developer conversation around localhost HTTPS and was explained by Valsorda in a January 2019 post: deployment certificates had become easier through ACME and Let's Encrypt, but development still fell back to HTTP because localhost and private development names cannot use ordinary public CA validation.

Project history

The tool's core idea is deliberately narrow. Instead of asking each developer to memorize OpenSSL invocations or manage browser trust stores by hand, mkcert creates a local certificate authority, installs it into the system and Firefox/NSS trust stores where supported, and issues certificates for local hostnames, IP addresses, and wildcards. The upstream README also warns that the generated root CA private key can intercept secure requests from the machine, which is why mkcert is framed as a local development tool rather than production CA infrastructure.

How it is used

mkcert became a common package-manager utility because it solves a recurring web-development pain point with one command and no project-specific configuration. Homebrew, MacPorts, Linux packages, and prebuilt binaries cover the usual developer platforms, while the README leaves web-server configuration to the user after the certificate and key are generated.

approval gates

Human review metadata for risky commands

The local approval-gate seed includes 4 rules for mkcert. Covered entrypoints: mkcert. Severity labels: critical, high. Coverage: partial, reviewed 2026-05-21.

Example gated actions

  • Install the local CA into system or browser trust stores.
  • Remove the local CA from trust stores.
  • Generate local certificates and private keys.
  • Write certificate or key files to caller-specified paths.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Credential files

Credential-bearing paths to review before unattended agent runs.

macOS
~/Library/Application Support/mkcert/rootCA-key.pem

executables

Installed executables

CommandKindExposureNote
mkcertcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.4.4
manager updated
local dataok
upstreamcurrent
latest detectedv1.4.4

https://github.com/FiloSottile/mkcert

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:mkcert
Version1.4.4
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/mkcert
Homepagehttps://github.com/FiloSottile/mkcert
Repositoryhttps://github.com/FiloSottile/mkcert
Upstream docshttps://github.com/FiloSottile/mkcert#readme
LicenseBSD-3-Clause
Source archivehttps://github.com/FiloSottile/mkcert/archive/refs/tags/v1.4.4.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namemkcert
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

mkcert 1.4.4-1+b18

Simple zero-config tool to make locally trusted certificates

https://github.com/FiloSottile/mkcert

sudo apt install mkcert
  • Section: utils
  • Architecture: amd64
  • Source Package: mkcert
  • 1 dependencies
  • normalized package name match
  • Matched by: Mkcert
Debian stable package indexes · deb.debian.org · Debian stable package indexes: mkcert from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

mkcert

nix profile install nixpkgs#mkcert
  • normalized package name match
  • Matched by: Mkcert
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/mk/mkcert/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

mkcert 1.4.4-1ubuntu2

Simple zero-config tool to make locally trusted certificates

https://github.com/FiloSottile/mkcert

sudo apt install mkcert
  • Section: universe/utils
  • Architecture: amd64
  • 1 dependencies
  • normalized package name match
  • Matched by: Mkcert
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: mkcert from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

mkcert 1.4.4-r29

simple zero-config tool to make locally trusted development certificates with any names you'd like

https://mkcert.dev/

sudo apk add mkcert
  • License: BSD-3-Clause
  • Architecture: x86_64
  • Source Package: mkcert
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Mkcert
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: mkcert from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
dnf95%

mkcert 1.4.4-9.fc45

Make and install locally trusted development certificates

https://github.com/FiloSottile/mkcert

sudo dnf install mkcert
  • License: BSD-2-Clause-Views AND BSD-3-Clause
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: mkcert
  • 4 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Mkcert
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: mkcert from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

mkcert 1.4.4-3

Simple tool for making locally-trusted development certificates

https://github.com/FiloSottile/mkcert

sudo pacman -S mkcert
  • License: BSD
  • Architecture: x86_64
  • 1 dependencies
  • normalized package name match
  • Matched by: Mkcert
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: mkcert from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

mkcert 1.4.4-1.4

CLI tool for making locally-trusted development certificates

https://github.com/FiloSottile/mkcert

sudo zypper install mkcert
  • License: BSD-3-Clause
  • Category: Development/Tools/Other
  • Architecture: x86_64
  • Source Package: mkcert
  • 2 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Mkcert
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: mkcert from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

mkcert

sudo port install mkcert
  • normalized package name match
  • Matched by: Mkcert
MacPorts ports tree · api.github.com · MacPorts ports tree: security/mkcert/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

mkcert

choco install mkcert
  • normalized package name match
  • Matched by: Mkcert
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: mkcert from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','mirc'
Scoop95%

extras/mkcert

scoop install extras/mkcert
  • normalized package name match
  • Matched by: Mkcert
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/mkcert.json from https://api.github.com/repos/ScoopInstaller/Extras/git/trees/master?recursive=1
winget95%

FiloSottile.mkcert

winget install --id FiloSottile.mkcert -e
  • normalized package name match
  • Matched by: Mkcert
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: FiloSottile.mkcert from https://cdn.winget.microsoft.com/cache/source.msix

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment