Administration Guide

Welcome to the Forge Administration Guide. This guide provides comprehensive information for installing, configuring, and maintaining your Forge instance.

What is Forge?

Forge is a modern, open-source web interface for running automation tasks with enterprise-grade compliance features. It is designed to be a lightweight, fast, and easy-to-use alternative to more complex automation platforms.

It allows you to securely manage and execute tasks for:

• Ansible playbooks
• Terraform/OpenTofu infrastructure-as-code
• Terragrunt and Terramate for Terraform orchestration
• Packer for golden image building
• Pulumi for modern IaC
• PowerShell and Shell scripts
• Python scripts

Core Features & Philosophy

Understanding Forge's design principles can help you get the most out of it:

• Lightweight and Performant: Forge is written in Go and distributed as a single binary file. It has minimal resource requirements (CPU/RAM) and does not require external dependencies like Kubernetes, Docker, or a JVM. This makes it fast, efficient, and easy to deploy.

• Simple to Install and Maintain: You can get Forge running in minutes. The Linux Service Installer provides automated setup with systemd service installation, TLS configuration, and Vault integration. Installation can be as simple as downloading the binary and running it. The simple architecture makes upgrades and maintenance straightforward.

• Flexible Deployment: Run it as a binary, as a systemd service, or in a Docker container. It's suitable for everything from a personal homelab to enterprise environments.

• Self-Hosted and Secure: Forge is a self-hosted solution. All your data, credentials, and logs remain on your own infrastructure, giving you full control. Credentials are always encrypted in the database. HashiCorp Vault integration is available for advanced secret management.

• Enterprise Compliance: Built-in support for DISA STIG compliance, OpenSCAP scanning, policy packs, and multiple compliance frameworks (CIS, NIST, PCI-DSS).

• Powerful Integrations: While simple, Forge supports powerful features like LDAP/OpenID authentication, detailed role-based access control (RBAC) per project, remote runners for scaling out task execution, golden image management with Packer, infrastructure import with Terraformer, and a full REST API for programmatic access.

Quick Links

Installation

• Overview
  • Linux Service Installer - Recommended for Linux servers
  • Docker
  • Binary File
  • Kubernetes (Helm chart)
  • Cloud Platforms

Configuration

• Overview
  • Configuration File
  • Environment Variables
  • Interactive Setup

Database

• Overview
  • SQLite (Default)
  • PostgreSQL
  • MySQL
  • BoltDB

Security

• Overview
  • TLS Configuration
  • Session Management
  • Database Security
  • Network Security
  • Reverse Proxy
    • NGINX
    • Apache

Authentication

• Overview
  • LDAP
  • OpenID Connect
    • GitHub
    • Google
    • GitLab
    • Azure AD
    • Keycloak
    • Okta
    • Authentik
    • Authelia
    • Gitea
    • Zitadel

Secret Management

• Overview
  • HashiCorp Vault
  • OpenBao
  • Local Encryption

Operations

• System Binaries - Manage Packer, Terraform, Ansible, etc.
• Runners - Remote execution agents
• CLI Tools - Command-line administration
• Logging - Log management and analysis
• Notifications - Email, Slack, Teams, etc.
• API - REST API reference

Maintenance

• Upgrading
• Troubleshooting