How are you managing cert files with Fly?

Not rocket-science but, noting the base64 / from_a_file trick down here for anyone else in the same boat as us:

```sh
# key/cer are typical outputs from clients like acme.sh
# encode with newlines removed
base64 -w0 /path/to/key > /out/to/key
base64 -w0 /path/to/cer > /out/to/cer
# import secrets into a fly app (this triggers a redeployment)
fly secrets set TLS_KEY=- < /out/to/key -a <app-name>
fly secrets set TLS_CER=- < /out/to/cer -a <app-name>
```

```go
// in your app, decode the secrets as standard base64
// (needs "encoding/base64" and "os"; base64 -w0 output is padded, so use StdEncoding, not RawStdEncoding)
key, err := base64.StdEncoding.DecodeString(os.Getenv("TLS_KEY"))
cer, err := base64.StdEncoding.DecodeString(os.Getenv("TLS_CER"))
```

```sh
# if in a single file
B64NOWRAP_KEY="$(base64 -w0 /path/to/key)"
B64NOWRAP_CRT="$(base64 -w0 /path/to/cer)"

FLY_TMP="$(mktemp -d)"
FLY_DOTENV="$FLY_TMP/.env"

echo "KEY=$B64NOWRAP_KEY" > "$FLY_DOTENV"
echo "CRT=$B64NOWRAP_CRT" >> "$FLY_DOTENV"
fly secrets set TLS_KEYCER=- < "$FLY_DOTENV" -a <app-name>
```

```go
// the secret holds "KEY=<b64>\nCRT=<b64>": split against new-line char, then decode each value as standard base64
// (needs "encoding/base64", "os" and "strings"; check len(kv) and err before use)
kv := strings.Split(strings.TrimSpace(os.Getenv("TLS_KEYCER")), "\n")
key, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(kv[0], "KEY="))
cer, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(kv[1], "CRT="))
```
3 Likes
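An added example, not part of the original post: a Go loader that accepts either secret layout described above (separate `TLS_KEY` and `TLS_CER`, or one `TLS_KEYCER` holding `KEY=`/`CRT=` lines) and rejects anything that does not decode to PEM. `LoadTLSPEM` and `decodePEM` are hypothetical names chosen for this sketch.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"os"
	"strings"
)

// decodePEM decodes one base64 secret and checks that the result parses as PEM.
// `base64 -w0` emits padded output; stripping '=' lets one decoder accept both forms.
func decodePEM(name, b64 string) ([]byte, error) {
	b64 = strings.TrimRight(strings.TrimSpace(b64), "=")
	raw, err := base64.RawStdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("%s: not valid base64", name) // never echo the value
	}
	if blk, _ := pem.Decode(raw); blk == nil {
		return nil, fmt.Errorf("%s: missing, or decoded value is not PEM", name)
	}
	return raw, nil
}

// LoadTLSPEM (hypothetical helper) handles both layouts from the post:
// TLS_KEY + TLS_CER, or one TLS_KEYCER holding "KEY=<b64>\nCRT=<b64>".
func LoadTLSPEM(getenv func(string) string) (key, cer []byte, err error) {
	k, c := getenv("TLS_KEY"), getenv("TLS_CER")
	for _, line := range strings.Split(getenv("TLS_KEYCER"), "\n") {
		if v := strings.TrimPrefix(line, "KEY="); v != line {
			k = v
		} else if v := strings.TrimPrefix(line, "CRT="); v != line {
			c = v
		}
	}
	if key, err = decodePEM("key", k); err != nil {
		return nil, nil, err
	}
	if cer, err = decodePEM("cert", c); err != nil {
		return nil, nil, err
	}
	return key, cer, nil
}

func main() {
	if _, _, err := LoadTLSPEM(os.Getenv); err != nil {
		fmt.Fprintln(os.Stderr, "tls secrets:", err) // on success: tls.X509KeyPair(cer, key)
	}
}
```

Failing at startup with a named, value-free error keeps key material out of logs while still showing which secret was malformed.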

Hi all, found this issue when I started looking at Fly.io.

I need a bunch of certificates, config files (containing secrets), etc. to show up in my containers. Since Fly only allows secrets in env vars and I did not want to manually encode, decode everything etc., I wrote a simple tool to take care of this:

It is very simple and minimal, but I hope you find it useful :)

1 Like