I’m trying to deploy, and I keep seeing messages like “Key missing” after bundle exec rails assets:precompile.
I tried adding my environment variables to the [env] section (fly.toml). Also loaded the keys from a file:
cat .env.fly | fly secrets import
I don’t know how to proceed. It looks like the app doesn’t see the environment variables.
You can instrument to log into shell and printenv to see if the vars are set as approp prior to the step resulting in exec failure.
Also, vars set with Fly secrets will override env set with fly.toml. A word of caution: At runtime, even though secrets are set in env vars, they aren’t quite the same thing.
If you are looking to import longer secrets (such as tls cert/key pairs), ref: How are you managing cert files with Fly? - #16 by michael
Hello. I tried fly ssh console but:
$ fly ssh console
Update available 0.0.382 -> v0.0.383.
Run "fly version update" to upgrade.
Error host unavailable: host was not found in DNS
And
$ flyctl ips private
Update available 0.0.382 -> v0.0.383.
Run "flyctl version update" to upgrade.
ID REGION IP
On the app dashboard, I can see the secrets present.
is the error in the deploy (build) phase or after deployment?
Build time secrets need a bit more work: Build Secrets · Fly Docs
It’s my first deployment. It’s a Rails 2.7 app with a few initializers to set up a Zoom API, Sentry, Skylight, etc.). Unfortunately, the zoom API library I use won’t allow the deployment to move on and raises an exception when running bundle exec rails assets:precompile
#23 4.015 Zoom::ParameterMissing: [:api_key, :api_secret]
#23 4.015 /app/vendor/bundle/ruby/2.7.0/gems/zoom_rb-1.1.3/lib/zoom/params.rb:14:in `require'
#23 4.015 /app/vendor/bundle/ruby/2.7.0/gems/zoom_rb-1.1.3/lib/zoom/clients/jwt.rb:9:in `initialize'
#23 4.015 /app/vendor/bundle/ruby/2.7.0/gems/zoom_rb-1.1.3/lib/zoom_rb.rb:35:in `new'
#23 4.015 /app/vendor/bundle/ruby/2.7.0/gems/zoom_rb-1.1.3/lib/zoom_rb.rb:35:in `new'
#23 4.015 /app/config/initializers/zoom.rb:6:in `<main>'
ssh won’t work since there is no VM to login into.
You could printenv (runtime secrets) in the dockerfile with CMD, I guess. Anywho…
Is the bundle exec... step a build step? If so, as pointed out by @fideloper-fly, you may need to set build-time secrets to configure the Zoom API (regular Fly secrets are runtime-only).
@jsierles is the resident RoR expert. Tagging them, just in case…
Ah, I literally just posted a similar issue myself. Build-time vs runtime-only… Interesting, coming from Heroku, env vars are one and the same and are used throughout the whole flow/process.
I came here to find the same thing. My issues are being caused by not have env variables available at build time. Having to pass in the pile of secrets is going to be fun. Will have to do some research.
Feels a little off to me. Not sure it’s going to allow for a very seamless deployment flow like we had on Heroku - they really nailed it on that front…
I have a LOT of apps to port over and need to find the right solution that’ll require as minimal fettling as possible per deployment.
I think I understand the issue. According to Build Secrets · Fly Docs I need to mount a secret into my Dockerfile using the RUN command. But my docker knowledge is almost zero, and I don’t know where that command comes from.
How many secrets do your builds need?
You can run --build-arg ENV_VAR1=${ENV_VAR1} to set build time environment variables. If you’re doing deploys from GitHub Actions or another CI, it should be reasonably straightforward to script something up that passes a whole bunch all at once.
We designed the secrets this way intentionally. Admittedly, we didn’t expect Heroku to drive away their users, or we’d have done some work to make this part smooth. 
@kurt I’m not trying fly because of heroku.
I tried fly deploy with --build-arg and --build-secret with sed -e '$ ! s/$/,/g' .env.fly | tr -d '\n' that mainly gets my .env.fly and joins with comma. But no luck.
What is the format is .env.fly? I think you’ll need one --build-arg per environment variable you want to set.
Across 150+ Heroku apps, each with 20-30 secrets… that’s a lot of manual work and I won’t be able to port to Fly just yet.
Granted, the Heroku announcement was only a few days ago and you’re on the back foot to help us all out. Think you’ll be able to accomodate us all with a smoothly migration flow in the coming weeks? I think we have until the end of November to migrate!
Cheers!
@rikki I’m pretty sure that we can build a shell command to help. I just need to figure out how to build the commands.
@kurt is a normal .env the rails way:
ZOOM_API_KEY=123
ZOOM_API_SECRET=456
etc
@pama - while doable, it doesn’t seem practical unless we can use the fly secrets as the source.
In Heroku, the env vars are the single source of truth for the production app (or staging/pr-review apps). Having to deploy with these same vars or have them elsewhere (e.g. GitHub actions) will quickly let things drop out of sync.
Hopefully I’m mistaken, but at this stage it seems the deployment process is going to be a lot more involved than what Heroku devs are used to.
Try putting the following into lib/tasks/fly.rake:
namespace :fly do
task :init => 'assets:precompile' do
sh 'bin/rails server'
end
end
Modify fly.toml to set SERVER_COMMAND = "bin/rails fly:init".
Remove the following from Dockerfile:
RUN bundle exec rails assets:precompile
I tried with:
fly deploy --build-arg ZOOM_API_KEY="***" --build-arg ZOOM_API_SECRET="***"
and a few other variations, and I keep getting the same “key missing” issue.
The documentation lacks examples, or I couldn’t find them, and I’m not sure if the arguments are correctly built.
I’ll give this a try now, I think I still have a ported over app on Fly that’s failing at this build step issue. Will report back. Thanks @rubys!
@rubys that seems a good tip and I was able to move on and see that the server variables are there when performing the rails migration, however, it failed when running the server command. Maybe because the way I built the command:
[env]
SERVER_COMMAND = "bin/rails fly:init && bundle exec puma"
How can I concatenate commands?