Deployment
Fly Secrets (ENV)
Managing environment variables in Fly.io
When to use this page
- You need to store runtime secrets for a Fly application.
- You want secure secret updates without rebuilding the image.
Prerequisites
- Fly app is created.
flyctlis authenticated to the correct organization.- Secret values are prepared and validated.
Fly Secrets are encrypted environment variables available at runtime. Use them for API keys, database URLs, tokens, and other sensitive values.
Documentation: https://fly.io/docs/apps/secrets/
No rebuild required
Changing secrets does not trigger a full rebuild — it only restarts your Machines with the updated environment variables.
Managing secrets
You can manage secrets either through the Fly Dashboard UI or via the CLI.
Setting secrets
fly secrets set SECRET_KEY=valueYou can set multiple secrets at once:
fly secrets set DATABASE_URL=postgres://... REDIS_URL=redis://...Listing secrets
fly secrets listThis shows secret names and their last updated timestamps. Values are never displayed.
Removing secrets
fly secrets unset SECRET_KEYVerify
fly secrets listshows all required keys.- App restart picks up new values after secret changes.
- Application health checks still pass after updates.
Troubleshooting
- Secret appears set but app still uses old value: Confirm app restart completed and no duplicate env source overrides it.
- Accidentally removed secret: Re-add immediately and redeploy if startup fails.