Removed legacy *. SSL certificate

In an effort to ensure secure access to the Forge and adhere to SSL certificate best practices, we've recently dropped usage of our legacy * wildcard certificate. For most users, this won't change anything about how you interact with the Forge.

Users who are utilizing an older client without support for server name indication (SNI) to access modules on the Forge may need to configure their client to point to the Forge at, rather than This may include Puppet Module Tool in version 3.8 and below of Puppet.

If you’re running into new issues accessing the Forge and you use an older client without SNI, let us know in the #forge-modules channel in our community Slack or email us at, and we’ll do our best to help you troubleshoot.

New Windows Collection page

We're excited to share our new Windows Collection page! It includes some of our favorite resources on using Puppet with Windows, along with how-to guides and modules specifically for use on Windows.

As always, your questions and feedback are welcome in the #forge-modules channel in our community Slack. We'd love to hear what you think!

Bolt plan information now available in the Forge API

The Forge JSON API now includes information about a module's Bolt plans in API responses. Read more in our documentation on listing the plans in a module version or fetching details for a specific plan.

Responses for other endpoints (for fetching a module, for example) have been updated with links to the plan endpoints where appropriate for convenience.

Bolt plans are now visible on the Forge

Modules on the Forge site that include Bolt plans now feature a "Plans" tab, which lists all available plans and their parameters. See our LVM module's Plans tab for an example.

If you're a module author and you don't see your plan parameters documented on the Forge, you may need to add the right doc comments to your code -- our puppet-strings documentation can get you started.

Implemented rate limiting to improve response times

We recently made a change to improve responsiveness of the Forge API and website.

Over time, we had noticed that requests from a small number of IP addresses were able to noticeably impact performance for both the Forge API service and website. Previously, we implemented a form of soft rate limiting, where clients with a large number of requests over a given period of time were placed into a separate, slower queue for receiving responses.

After several months of evaluation, we determined that even with our soft rate limiting implementation, some clients were still able to impact other traffic by generating a large number of requests. In January, we added a hard rate limiting implementation such that clients who make a very large number of requests over a short period of time are first added to the soft rate limiting queue, and after maintaining a high number of requests for a period of time, will be hard rate limited and receive HTTP 429 Too Many Requests responses for a 10 minute period.

This change has improved response times for typical Forge usage, but please let us know at if you believe your usage is being unduly hard rate limited.

New how-to: Automate patch management on Windows and Linux with real-time reporting

We've posted a new step-by-step guide to patching on our configuration management page.

You'll learn how to use Bolt and Puppet Enterprise to patch your devices on demand or on a schedule, with options for blackout windows and patch sets.

Your questions and feedback are always welcome in the #forge-modules channel in our community Slack!

New how-to: Deploy Splunk Enterprise with Bolt

Check out our new configuration management page, where you'll find our first step-by-step guide on using Bolt to install and configure Splunk Enterprise.

We'd love to hear your feedback on these new pages and guides in the #forge-modules channel of our community Slack.

Look for more configuration management how-tos soon!

Fixed incorrect module compatibility scoring

Our module scoring service was erroneously reporting releases as incompatible with Puppet 5.5 if the release metadata included a Puppet version_requirement > 5.6. We've fixed the scoring service so that it now incorporates new versions of Puppet, and a rescoring of all existing releases has been completed.

We've got a larger update for module scoring and evaluation in the works that will streamline future changes and remove the need for periodic updates to support new versions of Puppet.

Modules with multiple implementations of the same task are now supported

Recent versions of Bolt allow multiple implementations of the same task -- the Forge API now allows uploads of modules containing tasks with multiple implementations.

Each task release now includes an executables field, listing the names of executables for each implementation of the task. This replaces the old, singular executable field, which is now deprecated. An executable value is still included for backwards compatibility, and it will contain the first entry from the executables list.

You'll see this change in the tasks field of API responses for module releases. See the API docs for the release endpoint for details.

Added `slugs` parameter to `GET /v3/modules`

The Forge API's module listing endpoint now supports a slugs query parameter which allows you to fetch information for a list of specific modules in a single request:

curl ",puppetlabs-apache,puppetlabs-motd"

Note that since you already are providing a specific list of modules, most of the searching and filtering parameters are not allowed in combination with the new slugs parameter. However, output formatting parameters such as with_html, include_fields, and exclude_fields are still allowed.

Learn more by reading the API documentation for the GET /v3/modules endpoint.