Can't get secrets (at first) as env variables with Django

Hi,

Just tried fly.io for the first time yesterday sorry in advance.

Locally I’m using django-environ, it reads from my .env and populate os.environ but since it has some api keys I’m putting it inside a .dockerignore and it’s thus not available when running fly deploy.

To securely access them I thus run flyctl secrets import < .env, the problem is that when the commands from the Dockerfile are executed when it finally executes python manage.py collectstatic an ImproprelyConfigured error happens when trying to access the first env variable although this one is listed with flyctl secrets list. Printing os.environ will not print the standard fly env variables like FLY_APP_NAME either.

I thus removed the .env from .dockerignore, everything went logically fine and printing os.environ later on gives me the fly secrets variables like FLY_APP_NAME alongside with the ones manually set with fly secrets set.

So my question is : Why can’t I access Fly’s secrets early on when running python manage.py collectstatic for the first time and what’s the solution ?

I tried setting --build-args and build-secrets flags with fly deploy but it didn’t work.

Thanks in advance.

Edit : That only happens when using buildpacks with a Dockerfile generated by Fly, when using my own Dockerfile almost similar to the later Secrets are directly available and everything works fine

Hi @heroed,

One step that may not be obvious is that you need to include a command in your Dockerfile to mount the secret. @fideloper-fly explains more here: Fly Secrets not populated during build - #16 by dreday

A relevant Docker doc:

Let us know if that doesn’t help!

I tried deploying via Docker and not via the auto Django detection, my Dockerfile is almost identical to the one automatically generated by fly and it worked without mounting the secrets, any reasons ?

I prefer using my own DockerFile anyway but will read the linked topic. Thanks.

Hey @heroed can you share your dockerfile ? I am having a similar issue and looking at yours might help

Sorry for the late response, here is a stripped down Dockerfile with the bare minimum :

FROM library/python:3.10.5-slim-bullseye

RUN apt-get update \
    # dependencies for building Python packages
    && apt-get install -y build-essential \
    # psycopg2 dependencies
    && apt-get install -y libpq-dev \
    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
    && rm -rf /var/lib/apt/lists/*

    

WORKDIR /usr/src/app


COPY ./requirements.txt ./requirements.txt 

RUN pip install --no-cache-dir -r requirements.txt \
    && rm -rf requirements.txt

COPY . . 

CMD ./runserver.sh 

with runserver.sh being :

#!/bin/bash

python manage.py collectstatic --noinput

python manage.py makemigrations
python manage.py migrate

gunicorn YourApp.asgi:application -k uvicorn.workers.UvicornWorker