Different secrets for each process group

Are there plans to support setting separate secrets for different process groups instead of applying the secrets to the entire app? For instance, if I want to have a single Fly app but need different AWS_* secrets for our web app and data processing app on Tigris. This is to ensure that the web app cannot access the processed data stored on Tigris.

That sounds interesting but I would think separating the data processing machine into its own app would be more natural to take advantage of apps as the first natural boundary between all resources. Unless there is a constraint that is getting in the way of that?

Yeah, I was assuming this may push me to multiple apps. I’m just trying to see if it’s possible to keep everything simplified with a single app. I’ve tried both approaches so far, and love being able to automatically pick the top level fly.toml for my commands and do a single deploy command for everything. Downsides so far are:

  • I had to swap http_service with multiple services in order to host multiple web apps at different ports, with custom routing via Cloudflare.
  • This secrets issue
  • Inability to specify a Dockerfile per process group