Read fly secrets during Docker build

Is there a way to read fly secrets when doing fly deploy --dockerfile? My Sveltekit app needs to burn-in some of the variables:

RollupError: "API_URL" is not exported by "$env/static/private", imported by "src/routes/pools/[poolID]/photos/+server.ts".

Check out Build Secrets · Fly Docs.

@ray-chen that’s helpful! However I’m still unsure if I can do that with what’s in my fly secrets.

Ah sorry! I misread.

I’m not sure if there’s a way for you to access Fly secrets in the builder. There is no straightforward way to retrieve the secret value in plaintext, & they’re only available to apps at run-time.

Perhaps someone else with more knowledge can help! :slight_smile:

1 Like

If you haven’t considered flyctl to siphon off secrets, then:

# assuming flyctl auth is done and flyctl ssh token has been issued
flyctl ssh console -a myapp -C "printenv secret-name"

You shouldn’t but you can, so why not? But don’t. (:

1 Like

Thanks for the suggestion. I’ve changed it to dynamically read the ENV var, instead of requiring it at build time.

1 Like

I think it’s possible that you’re looking for thisBuild Secrets · Fly Docs

1 Like

This looks like it will probably work, but it’s such a hassle that I’m not sure I want to invest the time, and it’s preventing me from using fly for my SvelteKit app, when I really want to.

The ephemeral machine script is a cool hack, but the whole flow seems way awkward and the final resulting command quite verbose.

Can this get introduced into the fly UX in some cohesive way?

1 Like