Would it be possible to specify build and regular secrets as filepaths in fly.toml
Thinking something like
[secrets]
DATABASE_URL="./pg.secret"
[secrets.build]
TS_AUTH_KEY="./tailscale.secret"
For simple setups this would let people run fly deploy in a repo with gitignored secrets and get a very simple on ramp to docker secrets.
For more involved setups, the builds could be run on a build server with a managed secrets mount with ephemeral keys on it.
I find threading lots of secret arguments in a deploy command is pretty error prone, its easy to forget to update (especially in CI), and it the command can easily get very long even in simple set ups.