Importing secrets from a deployed app into a newly created one

Hi there!

Is there a way to import secrets from a running app into a newly created one using the CLI?

Use case: per branch deployments in our CI/CD pipeline.


Not quite sure what you mean by import from a running app into a newly created one … The problem is secrets are stored encrypted. The API can’t decrypt them to get them back out again, if that’s what you mean by “from”. Check their docs for a bit more about how they work behind the scenes:

But if you are simply looking to set secrets using the CLI, sure, that’s totally do-able:

Changing the secrets will trigger a new release. As you’d need since the app would need to know the new values.

1 Like

Not possible with flyctl unless (as Greg pointed out) you somehow know the secrets (both keys & values) to set.

One way is to retrieve them from the VM itself:

  1. flyctl ssh -a <app1> into a random (well, closest) VM running <app1>.
  2. printenv or echo $secret_name.
  3. Note down all secret keys/values you want exported in to another Fly app, <app2>.
  4. flyctl secrets set k1=v1 k2=v2 ... -a <app2> --detach which should trigger a deployment with these secrets imported.