Cannot add Private Key using flyctl to a environment variable

What am I trying to do?

flyctl secrets set SEARCH_CONSOLE_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BA\nvnwq7Zd3diJpxE46aRQwlJ9LRNitjt2/OUcXkc7AIy7xasAl8c0jADttPpW26Slk\nd/VCCxH7JssXsV8dHvn1Xc3r\n-----END PRIVATE KEY-----\n

Error Im getting :

Error could not parse secrets: ‘PRIVATE’: must be in the format NAME=VALUE

next I tried passing through fly.toml

Error I got : Error failed loading app config from C:\Users\Administrator\xxx\fly.toml: toml: line 9 (last key “env.SEARCH_CONSOLE_PRIVATE_KEY”): expected a digit but got ‘-’

Searching online hasnt been fruitful. Please help me out. :frowning:


I’m guessing the characters in the key (like newlines) are confusing the CLI. It may be as simple as wrapping the value in quotation marks. Try:

flyctl secrets set SEARCH_CONSOLE_PRIVATE_KEY="the-value-here"


To add to Greg’s answer, see these two handy tricks to load multi-line values into Fly secrets via flyctl:

I hope this isn’t a private key in actual use. If it is sensitive, rotate it.


It does works when I add it as " " but the problem is google search console wont load anything.


Well first, if that was the real value, as @ignoramous says, rotate it. Which would mean at the very least it needs updating in Fly or Google.

You can check whether Fly has done its bit by connecting to your app instance by running fly ssh console from the folder your fly.toml file is in. That should load you into the vm, and then run e.g echo $SEARCH_CONSOLE_PRIVATE_KEY. If that shows you your private key, well Fly’s bit is done at that point. You provided an environment variable, and in turn Fly passed it to the vm when it booted. Beyond that point, it’s down to what you do with it in your code/SDK.

On the other hand if the value is not shown, well yes, that would be an issue with how the secret is being passed in. In which case check out what @ignoramous suggests about loading it from a file instead.


Yes the both Private and Email are showing as they were entered and without " ". So the values are passed on correctly. Guess its not on anymore but the developer side.

also the value I posted above is was 5% of the actual keys so its safe.

Thanks again guys. I’ll try checking through the coding part for the issue and update here once it starts working. Im really impressed with the active community.

1 Like

Even if you’re sure that its just the 5% of it, it is a good idea to rotate. See: Recovering a full PEM Private Key when half of it is redacted | CryptoHack Blog

1 Like

You are right. I just deleted the key. now running with a new one. this is still ongoing. will update :smiley:

@ignoramous @greg As I promised I’ll update this thread if this is resolved. This has been resolved. seems like implementation of script was at domain Level while I was running at url level. I had to verify the domain in Google Search Console using DNS and it sorted the issue. Your provided steps were correct for entering the keys.

Thanks again guys. :slight_smile: