Operations Reference

Documentation.

Guidelines covering installation, network configuration, and operational commands for the Forged daemon.

Installation

Forged is distributed as a single ~13MB binary written in pure Go, with no CGO dependencies.

macOS:
brew install forged

Linux / macOS (Bash):
curl -fsSL https://forged.ritik.me/install.sh | sh

Compile locally:
git clone https://github.com/itzzritik/forged
cd forged
just build-cli
./bin/forged setup

Setup Workflow

Run the setup wizard to create the encrypted vault, import your plaintext SSH keys from ~/.ssh, register the local daemon as a system service, and modify ~/.ssh/config.

Terminal:
forged setup

System Diagnostic Warning

A master password is mandatory. It protects the local vault database through Argon2id key derivation, so guard this passphrase carefully.

The daemon starts automatically at desktop login via launchctl/systemd. No external supervision is necessary.

Execution

Once bootstrapped, your CLI tools talk to Forged through the SSH agent protocol. It is compatible with any standard client that honors SSH_AUTH_SOCK.

Workflow:
$ ssh myserver                     # Resolves automatically
$ git commit -m "deploy v2"        # Automatically signed via SSH key

Entity Management

Manage the key lifecycle directly inside the vault, without keys ever touching the filesystem in plaintext.

Management:
$ forged generate my-key -c "me@host"       # Generate a new Ed25519 key
$ forged add work --file ~/.ssh/id_ed25519  # Import an existing key
$ forged list                               # List all keys
$ forged list --json                        # JSON output for CI pipelines
$ forged export my-key                      # Print the public key to stdout
$ forged rename my-key github               # Rename a key
$ forged remove old-key                     # Hard-delete a key

Import keys from existing sources with the migrate command:

Migration:
$ forged migrate --from ssh          # Import id_rsa/id_ed25519 from ~/.ssh/
$ forged migrate --from 1password    # Import via 1Password CLI interface
$ forged migrate --from agent        # List keys in current ssh-agent (public only)

Regex & Host Matching

Map keys to hosts explicitly. Binding a specific key exclusively to specific domains eliminates "Too many authentication attempts" failures.

Routing configuration:
$ forged host github "github.com" "*.github.com"
$ forged host deploy "*.prod.company.com" "10.0.*"
$ forged host api "~^api\\d+\\.example\\.com$"  # Regex via ~ prefix
$ forged hosts                       # List all active host mappings
$ forged unhost deploy "10.0.*"      # Remove a host mapping

[ Manual overrides via local configuration ]

Alternatively, you can manually define patterns inside your local ~/.forged/config.toml:

config.toml:
[[hosts]]
name = "GitHub"
match = ["github.com", "*.github.com"]
key = "github"
git_signing = true

[[hosts]]
name = "Production"
match = ["*.prod.company.com", "10.0.*"]
key = "deploy"
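
Added example, not Forged's own code: a small Go model of the mappings above that lists which keys a given host would select, for checking a pattern set before relying on it. It assumes a ~ prefix means a Go regular expression and any other pattern is a shell-style glob over the whole host string; Mapping, KeysFor and pageMappings are hypothetical names.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Mapping models one [[hosts]] entry: a vault key name and its patterns.
type Mapping struct{ Key string; Patterns []string }

// pageMappings is constructed from the mappings shown on this page.
var pageMappings = []Mapping{
	{"github", []string{"github.com", "*.github.com"}},
	{"deploy", []string{"*.prod.company.com", "10.0.*"}},
	{"api", []string{`~^api\d+\.example\.com$`}},
}

// matches applies the assumed semantics: "~" means regexp, otherwise glob.
func matches(pattern, host string) (bool, error) {
	if strings.HasPrefix(pattern, "~") {
		return regexp.MatchString(pattern[1:], host)
	}
	return path.Match(pattern, host)
}

// KeysFor lists every key whose mapping matches host, in mapping order.
func KeysFor(maps []Mapping, host string) ([]string, error) {
	var keys []string
	for _, m := range maps {
		for _, p := range m.Patterns {
			if ok, err := matches(p, host); err != nil {
				return nil, err // malformed pattern: fail closed
			} else if ok {
				keys = append(keys, m.Key)
				break // one hit per mapping is enough
			}
		}
	}
	return keys, nil
}

func main() {
	for _, h := range []string{"gist.github.com", "10.0.3.7", "api12.example.com.internal"} {
		keys, err := KeysFor(pageMappings, h)
		fmt.Println(h, "->", keys, err)
	}
}
```

Under these assumptions 10.0.* is a string prefix, so it covers any host name beginning with 10.0. as well as addresses in that range, and a regex written without ^ and $ matches substrings of the host. A host that returns more than one key has overlapping mappings.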

Signature Verification

Establish commit provenance with SSH signatures instead of traditional GPG. The signing command configures your global Git settings automatically.

Terminal:
$ forged signing                     # Interactive key selector
$ forged signing my-key              # Assign specific key for signing
$ forged signing --off               # Disable Git commit signing

[ Equivalent manual configuration ]

Under the hood, this writes the following to your global ~/.gitconfig:

~/.gitconfig:
[user]
    signingkey = ssh-ed25519 AAAA...
[gpg]
    format = ssh
[gpg "ssh"]
    program = /path/to/forged-sign
[commit]
    gpgsign = true

Multi-node Sync

Sync operates over isolated blob storage, preserving zero-knowledge properties across synchronized devices.

Sync:
$ forged login                # Start OAuth authentication
$ forged sync                 # Sync the full vault state
$ forged sync status          # Show sync state
$ forged logout               # Clear cached credentials

Core Configurations

  • macOS: ~/.forged/config.toml
  • Linux: ~/.config/forged/config.toml

config.toml:
[agent]
socket = "~/.forged/agent.sock"
log_level = "info"

[sync]
enabled = false

Unified Call Stack

CLI Reference:
# Lifecycle
forged setup                     Bootstrap vault and daemon
forged start / stop              Manage daemon service
forged status                    Show daemon and key info
forged doctor                    Diagnose common issues
forged doctor --fix              Diagnose and auto-fix issues
forged version                   Print version info

# Keys
forged generate [name]           Generate new Ed25519 key
forged add <name> --file <path>  Import existing key
forged list                      List all keys
forged remove <name>             Delete a key
forged export <name>             Output public key
forged rename <old> <new>        Rename a key

# Host Routing
forged host <key> <patterns>     Map key to host patterns
forged hosts                     List all host mappings
forged unhost <key> <pattern>    Remove a host mapping

# Git Signing
forged signing [key]             Configure commit signing
forged signing --off             Disable commit signing

# Cloud Sync
forged login                     Authenticate via browser
forged sync                      Sync vault to cloud
forged sync status               Show sync state
forged logout                    Clear credentials

# Maintenance
forged enable / disable          Toggle SSH agent integration
forged change-password           Change master password
forged migrate --from <source>   Import from ssh/1password/agent
forged benchmark                 Test Argon2id performance
forged logs                      Tail daemon logs