Ref: Best practice for build-time secrets? - #6 by rubys
Not sure why, but I will say that your yaml looks okay to me. We use workflow-level env vars with the env. context (code), instead (no reason why the way you did wouldn’t work).
flyctl deploy
--image-label ${{ env.GIT_HEAD }}
--config ${{ env.FLY_TOML }}
--strategy ${{ env.FLY_DEPLOY_STRAT }}
--verbose
(not kurt)
Yes, in the [env] section of the toml for runtime env vars (docs).
For build-time secrets refer: RAILS_MASTER_KEY environment variable not getting fetched - #2 by ignoramous
See also fly secrets set: How to include `fly-log-shipper` in a project? - #2 by ignoramous