How to create secrets via the machine API?

danielblignaut · April 16, 2025, 3:31pm

Hi,

I’m using this library in rust ( fly_sdk - Rust ). I’ve seen the author opened a thread in this forum but didn’t get an answer. this library uses the machine’s Rest API and specifically have the ability to call the create secret endpoint. However, I can invoke it with secret type such as SECRET_TYPE_KMS_HS256 however I’m specifically trying to create an app secret. Looking at the fly-go package / source code, I can see the “AppSecret” however the API responds saying this is an invalid secret type. What’s the correct value to use here? Otherwise shall i default to the GraphQL API?

//except from fly-go below
const (
// Secret types
AppSecret = “AppSecret”
VolumeEncryptionKey = “VolumeEncryptionKey”
SECRET_TYPE_KMS_HS256 = “SECRET_TYPE_KMS_HS256”
SECRET_TYPE_KMS_HS384 = “SECRET_TYPE_KMS_HS384”
SECRET_TYPE_KMS_HS512 = “SECRET_TYPE_KMS_HS512”
SECRET_TYPE_KMS_XAES256GCM = “SECRET_TYPE_KMS_XAES256GCM”
SECRET_TYPE_KMS_NACL_AUTH = “SECRET_TYPE_KMS_NACL_AUTH”
SECRET_TYPE_KMS_NACL_BOX = “SECRET_TYPE_KMS_NACL_BOX”
SECRET_TYPE_KMS_NACL_SECRETBOX = “SECRET_TYPE_KMS_NACL_SECRETBOX”
SECRET_TYPE_KMS_NACL_SIGN = “SECRET_TYPE_KMS_NACL_SIGN”
)

lillian · April 16, 2025, 3:59pm

unfortunately this isn’t possible at the moment, Machines API secrets endpoints are only for Fly KMS (not yet GA).

danielblignaut · April 16, 2025, 4:11pm

Thank you for the quick response. Is the graphql API available for external use? Is there anywhere we can introspect the schema?

rubys · April 16, 2025, 4:13pm

lillian · April 16, 2025, 4:33pm

flyctl is open-source. it uses our fly-go library to make graphql requests, you can find the ones specific to secrets here: fly-go/resource_secrets.go at main · superfly/fly-go · GitHub

system · April 23, 2025, 4:34pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.