Secrets and Fly Apps

Secrets allow sensitive values, such as credentials, to be passed securely to your Fly applications. A secret has a name and a value and can be set for a specific application. The secret is then encrypted and stored in a value. When the application is run, these secrets are made available as environment variables to the running application.

You can specify secrets for your application using the flyctl secrets command.

Setting Secrets

The flyctl secrets set command will set one or more application secrets then perform a release.

flyctl secrets set MY_SECRET=romance DATABASE_URL=postgres://example.com/mydb

These will be set as $MY_SECRET and $DATABASE_URL environment variables within your application processes.

Note: if a secret you set causes your app to crash within 30s, the release will fail and your app will continue to run with previous secrets.

Removing Secrets

The flyctl secrets unset command will clear one or more secret values.

flyctl secrets unset MY_SECRET DATABASE_URL

Listing Secrets

flyctl secrets list

      NAME     |              DIGEST              |  DATE
+--------------+----------------------------------+---------+
  MY_SECRET    | b9e37b7b239ee4aefc75352fe3fa6dc6 | 17s ago
  DATABASE_URL | cdbe3268a82bfe993921b9cae2a526af | 17s ago

For security reasons, we do not allow read access to the plain-text values of secrets.