Credential access
Touches local trust stores and private key material.
brew / approval gates
Simple tool to make locally trusted development certificates. Version 1.4.4 via Homebrew; verified from local package data.
agent safety
mkcert creates local certificate authorities and development certificates.
Touches local trust stores and private key material.
Primarily mutates local trust state, not remote systems.
Can create certificates that influence development service trust.
Gate CA installation and private-key handling.
Allow certificate inspection; require approval before installing trust roots or writing private keys.
install
brew install mkcertlocal Homebrew formula metadata
sudo port install mkcertMacPorts ports tree · security/mkcert/Portfile · source: api.github.com
sudo apk add mkcertAlpine Linux edge package indexes · mkcert · source: dl-cdn.alpinelinux.org
sudo apt install mkcertDebian stable package indexes · mkcert · source: deb.debian.org
sudo dnf install mkcertFedora Rawhide package metadata · mkcert · source: dl.fedoraproject.org
nix profile install nixpkgs#mkcertnixpkgs package indexes · pkgs/by-name/mk/mkcert/package.nix · source: api.github.com
sudo pacman -S mkcertArch Linux sync databases · mkcert · source: geo.mirror.pkgbuild.com
sudo zypper install mkcertopenSUSE Tumbleweed package metadata · mkcert · source: download.opensuse.org
choco install mkcertChocolatey community package catalog · mkcert · source: community.chocolatey.org
scoop install extras/mkcertScoop official bucket manifest trees · bucket/mkcert.json · source: api.github.com
winget install --id FiloSottile.mkcert -eWindows Package Manager source index · FiloSottile.mkcert · source: cdn.winget.microsoft.com
overview
Simple tool to make locally trusted development certificates
history
mkcert is Filippo Valsorda's small Go tool for locally trusted development certificates. It appeared in the 2018 developer conversation around localhost HTTPS and was explained by Valsorda in a January 2019 post: deployment certificates had become easier through ACME and Let's Encrypt, but development still fell back to HTTP because localhost and private development names cannot use ordinary public CA validation.
The tool's core idea is deliberately narrow. Instead of asking each developer to memorize OpenSSL invocations or manage browser trust stores by hand, mkcert creates a local certificate authority, installs it into the system and Firefox/NSS trust stores where supported, and issues certificates for local hostnames, IP addresses, and wildcards. The upstream README also warns that the generated root CA private key can intercept secure requests from the machine, which is why mkcert is framed as a local development tool rather than production CA infrastructure.
mkcert became a common package-manager utility because it solves a recurring web-development pain point with one command and no project-specific configuration. Homebrew, MacPorts, Linux packages, and prebuilt binaries cover the usual developer platforms, while the README leaves web-server configuration to the user after the certificate and key are generated.
approval gates
The local approval-gate seed includes 4 rules for mkcert. Covered entrypoints: mkcert. Severity labels: critical, high. Coverage: partial, reviewed 2026-05-21.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Credential-bearing paths to review before unattended agent runs.
~/Library/Application Support/mkcert/rootCA-key.pemexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
mkcert | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/FiloSottile/mkcert
install metadata
| Package key | brew:mkcert |
|---|---|
| Version | 1.4.4 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/mkcert |
| Homepage | https://github.com/FiloSottile/mkcert |
| Repository | https://github.com/FiloSottile/mkcert |
| Upstream docs | https://github.com/FiloSottile/mkcert#readme |
| License | BSD-3-Clause |
| Source archive | https://github.com/FiloSottile/mkcert/archive/refs/tags/v1.4.4.tar.gz |
| Build dependencies | go |
| Bottle | available (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | mkcert |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
mkcert 1.4.4-1+b18
Simple zero-config tool to make locally trusted certificates
https://github.com/FiloSottile/mkcert
sudo apt install mkcertmkcert
nix profile install nixpkgs#mkcertmkcert 1.4.4-1ubuntu2
Simple zero-config tool to make locally trusted certificates
https://github.com/FiloSottile/mkcert
sudo apt install mkcertmkcert 1.4.4-r29
simple zero-config tool to make locally trusted development certificates with any names you'd like
sudo apk add mkcertmkcert 1.4.4-9.fc45
Make and install locally trusted development certificates
https://github.com/FiloSottile/mkcert
sudo dnf install mkcertmkcert 1.4.4-3
Simple tool for making locally-trusted development certificates
https://github.com/FiloSottile/mkcert
sudo pacman -S mkcertmkcert 1.4.4-1.4
CLI tool for making locally-trusted development certificates
https://github.com/FiloSottile/mkcert
sudo zypper install mkcertmkcert
sudo port install mkcertmkcert
choco install mkcertextras/mkcert
scoop install extras/mkcertFiloSottile.mkcert
winget install --id FiloSottile.mkcert -esource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.