How to handle secrets stored in external secret store

Hi :wave:,
I am wondering what is the best way to handle secrets/parameters if you don’ t want to use fly for this since you already have them stored in another secret store. We use AWS Parameter Store and the CI to downloads the secrets for each deployment. Currently I set all the secrets for the project before I deploy it but would it be also possible to just provide the secrets to each deployment using the --env flag, is that save to do?

Thanks for making fly such an awesome tool!

PS: Is there any plans to support pulumi or similar tools any time soon?

Hi @enrico

Have you considered storing an AWS Key in the fly secrets then loading your app secrets from AWS Parameter Store at boot time using the AWS Key?