What’s new in ForgeOps 2025.2

Forgeops secret generator is used to replace secret agent. The secret generator will be the default secrets provisioning tool in a future release. Learn more about Secret Generator.

The key stores can be provisioned using the new keystore-create Kubernetes job. This requires you to set up the secret generator in your ForgeOps deployment. Learn more about Secret Generator.

The default root certificate authorities are now provided by OpenSSL in the container. Learn more about providing user-supplied certificates to the truststore.

New forgeops rotate command uses multiple userPassword fields enables no downtime DS password rotations.

The new migrate.py script assists with migrating secrets enabled by the secret agent to the new secret generator. Learn more about how to migrate secrets to secret generator.

New forgeops upgrade command option upgrades your Kustomize overlays to support the new secrets base layout.

The forgeops prereqs command enables setting up the prerequisites, such as certificate agent, ingress controller, and secret management. Learn more about the new forgeops prereqs command here.

The new platform secret descriptions and mount points are described in the Secrets Reference.

ForgeOps documentation can now be accessed through the Develop with Ping Identity site. To access ForgeOps documentation from there, click Build > ForgeOps.

A new technology preview section has been added, describing the secret generator and its setup process.