Deploy & first start
You have a compiled Forge binary. This guide covers configuration, first start, and getting your CLI ready.
forge.config
Create a forge.config file next to your binary:
base_url = https://yoursite.com
https = true
nav_mode = dbThe secret key is forbidden in config files. Pass it as an environment variable:
export FORGE_SECRET=your-64-hex-char-secretopenssl rand -hex 32First start
Run the binary. On first start, if no tokens exist, Forge creates a bootstrap-admin token automatically and prints it once to the log:
WARN forge: bootstrap-admin token created token=eyJpZCI6...Copy the token value. It is shown once and never stored in plaintext. This is your break-glass admin credential — store it somewhere safe.
forge-cli init
Use the bootstrap token to configure the Forge CLI:
forge-cli init --url https://yoursite.com --bootstrap-token eyJpZCI6...This command: 1. Validates that your instance is reachable (/_health) 2. Creates a named admin token via the bootstrap token 3. Writes .forge-cli.env with FORGE_URL and FORGE_TOKEN 4. Verifies the new token works
Your CLI is now configured. The bootstrap token remains valid as a break-glass backup.
Verify
curl https://yoursite.com/_health{"status":"ok","forge":"1.16.0"}You are live.