Deploying Phoenix app directly to Fly from an open-source repo: a security concern?

NickJ · May 28, 2024, 12:02am

Hiya,

I am making an open-source Phoenix/Elixir text adventure bot for the people and I just wanna deploy it to Fly directly from the open-source repo via Github actions, with Fly.toml etc publicly visible; is there any reason I shouldn’t do this?

Does public knowledge of the contents of a Fly.toml for Elixir/Phx open our app up to any vulnerabilities?

Thanks y’all!

lubien · May 28, 2024, 12:15am

As long as you don’t put secrets as environment variables you should be good!

My open source Phoenix app has its toml displayed too: sorteios.lubien.dev

system · June 4, 2024, 12:16am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using new github Deployments appear to ignore Dockerfile elixir , launch-ui	11	67	December 17, 2024
Rebuilt hello_elixir app, updated docs, and a new "observer" script Phoenix	0	150	March 7, 2024
Phoenix Deployment Handbook (self-published) Phoenix example-app , elixir	1	1025	February 4, 2022
Deploy a non-phoenix TCP app Build debugging elixir , flyctl	0	14	January 12, 2025
Very easy migration of in-development Elixir/Phoenix app. Phoenix	4	374	September 15, 2021

Deploying Phoenix app directly to Fly from an open-source repo: a security concern?

Related topics