diff --git a/authority/export.go b/authority/export.go
index 8a5a257f..dce52292 100644
--- a/authority/export.go
+++ b/authority/export.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/authority/provisioner"
-	"go.step.sm/cli-utils/config"
+	"go.step.sm/cli-utils/step"
 	"go.step.sm/linkedca"
 	"google.golang.org/protobuf/types/known/structpb"
 )
@@ -245,7 +245,7 @@ func mustReadFileOrURI(fn string, m map[string][]byte) string {
 		return ""
 	}
 
-	stepPath := filepath.ToSlash(config.StepPath())
+	stepPath := filepath.ToSlash(step.Path())
 	if !strings.HasSuffix(stepPath, "/") {
 		stepPath += "/"
 	}
@@ -257,7 +257,7 @@ func mustReadFileOrURI(fn string, m map[string][]byte) string {
 		panic(err)
 	}
 	if ok {
-		b, err := ioutil.ReadFile(config.StepAbs(fn))
+		b, err := ioutil.ReadFile(step.Abs(fn))
 		if err != nil {
 			panic(errors.Wrapf(err, "error reading %s", fn))
 		}
diff --git a/authority/provisioners.go b/authority/provisioners.go
index 7e02126f..8aebcc3e 100644
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@@ -13,7 +13,7 @@ import (
 	"github.com/smallstep/certificates/authority/config"
 	"github.com/smallstep/certificates/authority/provisioner"
 	"github.com/smallstep/certificates/errs"
-	step "go.step.sm/cli-utils/config"
+	"go.step.sm/cli-utils/step"
 	"go.step.sm/cli-utils/ui"
 	"go.step.sm/crypto/jose"
 	"go.step.sm/linkedca"
@@ -523,7 +523,7 @@ func provisionerOptionsToLinkedca(p *provisioner.Options) (*linkedca.Template, *
 		if p.X509.Template != "" {
 			x509Template.Template = []byte(p.SSH.Template)
 		} else if p.X509.TemplateFile != "" {
-			filename := step.StepAbs(p.X509.TemplateFile)
+			filename := step.Abs(p.X509.TemplateFile)
 			if x509Template.Template, err = ioutil.ReadFile(filename); err != nil {
 				return nil, nil, errors.Wrap(err, "error reading x509 template")
 			}
@@ -539,7 +539,7 @@ func provisionerOptionsToLinkedca(p *provisioner.Options) (*linkedca.Template, *
 		if p.SSH.Template != "" {
 			sshTemplate.Template = []byte(p.SSH.Template)
 		} else if p.SSH.TemplateFile != "" {
-			filename := step.StepAbs(p.SSH.TemplateFile)
+			filename := step.Abs(p.SSH.TemplateFile)
 			if sshTemplate.Template, err = ioutil.ReadFile(filename); err != nil {
 				return nil, nil, errors.Wrap(err, "error reading ssh template")
 			}
diff --git a/pki/pki.go b/pki/pki.go
index b0f2c886..8bc07dae 100644
--- a/pki/pki.go
+++ b/pki/pki.go
@@ -293,16 +293,17 @@ func WithKeyURIs(rootKey, intermediateKey, hostKey, userKey string) Option {
 // PKI represents the Public Key Infrastructure used by a certificate authority.
 type PKI struct {
 	linkedca.Configuration
-	Defaults      linkedca.Defaults
-	casOptions    apiv1.Options
-	caService     apiv1.CertificateAuthorityService
-	caCreator     apiv1.CertificateAuthorityCreator
-	keyManager    kmsapi.KeyManager
-	config        string
-	defaults      string
-	ottPublicKey  *jose.JSONWebKey
-	ottPrivateKey *jose.JSONWebEncryption
-	options       *options
+	Defaults        linkedca.Defaults
+	casOptions      apiv1.Options
+	caService       apiv1.CertificateAuthorityService
+	caCreator       apiv1.CertificateAuthorityCreator
+	keyManager      kmsapi.KeyManager
+	config          string
+	defaults        string
+	profileDefaults string
+	ottPublicKey    *jose.JSONWebKey
+	ottPrivateKey   *jose.JSONWebEncryption
+	options         *options
 }
 
 // New creates a new PKI configuration.