What’s new in ForgeOps 2025.2
In the ForgeOps 2025.2 release, the team focused on streamlining secrets provisioning and rotation in ForgeOps deployment environments. It’s planned to deprecate the proprietary secret agent operator and move to use a more generic industry-familiar third-party tooling.
Highlights
- Provision secrets using the secret generator operator
-
Forgeops secret generator is used to replace secret agent. The secret generator will be the default secrets provisioning tool in a future release. Learn more about Secret Generator.
- Key stores can be provisioned by a Kubernetes job
-
The key stores can be provisioned using the new
keystore-create
Kubernetes job. This requires you to set up the secret generator in your ForgeOps deployment. Learn more about Secret Generator. - Trust stores are no longer provisioned by the secret agent
-
The default root certificate authorities are now provided by OpenSSL in the container. Learn more about providing user-supplied certificates to the truststore.
- DS password rotation without downtime
-
New forgeops rotate command uses multiple
userPassword
fields enables no downtime DS password rotations. - New script to migrate secrets from secret agent to secret generator
-
The new
migrate.py
script assists with migrating secrets enabled by the secret agent to the new secret generator. Learn more about how to migrate secrets to secret generator. - Upgrade Kustomize overlays to use new secrets
-
New forgeops upgrade command option upgrades your Kustomize overlays to support the new secrets base layout.
- New forgeops prereqs command
-
The forgeops prereqs command enables setting up the prerequisites, such as certificate agent, ingress controller, and secret management. Learn more about the new forgeops prereqs command here.
- New secrets reference guide
-
The new platform secret descriptions and mount points are described in the Secrets Reference.
Documentation Updates
- ForgeOps docs are on the Developer site
-
ForgeOps documentation can now be accessed through the Develop with Ping Identity site. To access ForgeOps documentation from there, click Build > ForgeOps.
- New Technology Preview section
-
A new technology preview section has been added, describing the secret generator and its setup process.
Release information
Further release information is available in the ForgeOps 2025.2
release notes