Another question — Is there any solution for choosing Fly Secrets to be added to specific containers? I have a few different containers which need access to different secrets, and it would be really nice to be able to specify which secrets get imported via either fly.toml or the docker-compose. I some ideas being tossed around in this thread but it didn’t seem like anything was settled on.
[Update]: It seems to be worse than I thought. Fly appears to overwrites the environment variables based on its own rules as described here, which would be entirely fine and reasonable if I could configure which secrets get passed to each container (even just passing all of them to every container would work for my current use case). But since I can’t, I tried falling back to passing env secrets like normal via an env_file param in my docker-compose, but Fly overwrites those unless I put them in my fly.toml. Storing actual secrets in fly.toml is obviously a non-starter. The only other way I can see around is adding the secrets at build time, but as my previous comment mentioned, you can only build one container at a time right now.
I think I’m finally stuck — anybody have ideas on how to get secrets securely into multiple containers when using this new docker-compose setup?
[Update 2]: Doh I was overlooking the obvious alternative of sneaking my .env files on in a volume and then adding an init script to set them at startup. That method should be good enough to allow my experimentation here to continue, but there should really be a solution to this from Fly.