diff --git a/modules/features/shell-tools.nix b/modules/features/shell-tools.nix
index f9c8e6f..339948d 100644
--- a/modules/features/shell-tools.nix
+++ b/modules/features/shell-tools.nix
@@ -32,6 +32,7 @@
 # binName = "show-tools";
 package = (pkgs.symlinkJoin {
 name = "show-tools";
+ meta.mainProgram = "show-tools";
 paths = with pkgs; [
 nh
 ripgrep
diff --git a/modules/features/step-client.nix b/modules/features/step-client.nix
new file mode 100644
index 0000000..df6107e
--- /dev/null
+++ b/modules/features/step-client.nix
@@ -0,0 +1,51 @@
+{ self, inputs, ... }:
+let
+ bootstrapWrapper = inputs.wrappers.lib.wrapModule ({config, lib, wlib, ... }: {
+ options = {
+ caURL = lib.mkOption {
+ type = lib.types.str;
+ };
+ fingerprint = lib.mkOption {
+ type = lib.types.str;
+ };
+ install = lib.mkEnableOption "Install the cert to the system trust store";
+ };
+
+ config = {
+ package = config.pkgs.step-cli; # (1)!
+ binName = "bootstrap";
+ args = [
+ "ca" "bootstrap"
+ "--ca-url" config.caURL
+ "--fingerprint" config.fingerprint
+ ];
+ };
+ });
+in
+{
+ perSystem = { system, self', pkgs, lib, ... }: {
+ packages.step-client = inputs.wrappers.lib.wrapPackage {
+ inherit pkgs;
+ package = (pkgs.symlinkJoin {
+ name = "step";
+ meta.mainProgram = "step";
+ paths = with pkgs; [
+ self'.packages.step-bootstrap
+ ];
+ });
+ };
+
+ packages.step-bootstrap = (bootstrapWrapper.apply {
+ inherit pkgs;
+ caURL = "https://janus.john-stream.com";
+ fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
+ install = true;
+ }).wrapper;
+ };
+
+ flake.modules.homeManager.myStepClient = { config, pkgs, lib, ... }: {
+ home.packages = [
+ inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.step-bootstrap
+ ];
+ };
+}
\ No newline at end of file
diff --git a/modules/hosts/janus/default.nix b/modules/hosts/janus/default.nix
index 73b56e9..1b46cef 100644
--- a/modules/hosts/janus/default.nix
+++ b/modules/hosts/janus/default.nix
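Review bot: In the new `modules/features/step-client.nix`, the `install` option is declared and set to `true` for `step-bootstrap`, but nothing in `config.args` reads it, so as far as this hunk shows the wrapper only ever runs `step ca bootstrap --ca-url … --fingerprint …`. If the flag is meant to take effect, close the list with `] ++ lib.optional config.install "--install";`; otherwise drop the option so the module does not advertise a trust-store change it never performs. Adding a private root to the system trust store makes every TLS client on the host trust whatever that CA signs, so this is worth keeping as a per-host opt-in rather than a default of `true` in the shared package. The pinned fingerprint is what authenticates the first download of the root, and `lib.types.str` accepts a truncated or mistyped value; `type = lib.types.strMatching "[0-9a-f]{64}";` would reject that at evaluation time.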
@@ -94,16 +94,4 @@ in
 }
 ];
 };
-
- perSystem = { system, pkgs, lib, ... }: {
- packages.janus-ca = inputs.wrappers.lib.wrapPackage {
- inherit pkgs;
- package = pkgs.step-cli;
- binName = "janus-cert";
- args = [
- "ca" "certificate"
- "--ca-url=${ca-url}"
- ];
- };
- };
 }
\ No newline at end of file
diff --git a/modules/hosts/john-pc/default.nix b/modules/hosts/john-pc/default.nix
index 5118963..f3c2c27 100644
--- a/modules/hosts/john-pc/default.nix
+++ b/modules/hosts/john-pc/default.nix
@@ -32,6 +32,8 @@ in
 restic
 docker
 desktop
+ # sshCerts
+ # myStepClient
 ];
 # TODO: make this more restrictive, rather than allowing all unfree packages
 nixpkgs.config.allowUnfree = true;
@@ -44,10 +46,11 @@ in
 home.packages = with pkgs; [
 nixos-rebuild
 test-push
- selfPkgs.neovim-min
- # ${selfPkgs}.my-neovim
- # selfPkgs.richPrinter
- selfPkgs.janus-ca
+ selfPkgs.jsl-zsh
+ selfPkgs.my-neovim
+ selfPkgs.step-client
+ # selfPkgs.wg-platform
+ # self'.packages.myWrappedPackage
 ];
 shell.program = "zsh";