Is there a way to read fly secrets when doing fly deploy --dockerfile? My Sveltekit app needs to burn-in some of the variables:
RollupError: "API_URL" is not exported by "$env/static/private", imported by "src/routes/pools/[poolID]/photos/+server.ts".
Check out Build Secrets · Fly Docs.
@ray-chen that’s helpful! However I’m still unsure if I can do that with what’s in my fly secrets.
Ah sorry! I misread.
I’m not sure if there’s a way for you to access Fly secrets in the builder. There is no straightforward way to retrieve the secret value in plaintext, & they’re only available to apps at run-time.
Perhaps someone else with more knowledge can help! 
If you haven’t considered flyctl to siphon off secrets, then:
# assuming flyctl auth is done and flyctl ssh token has been issued
flyctl ssh console -a myapp -C "printenv secret-name"
You shouldn’t but you can, so why not? But don’t. (:
Thanks for the suggestion. I’ve changed it to dynamically read the ENV var, instead of requiring it at build time.
I think it’s possible that you’re looking for thisBuild Secrets · Fly Docs
This looks like it will probably work, but it’s such a hassle that I’m not sure I want to invest the time, and it’s preventing me from using fly for my SvelteKit app, when I really want to.
The ephemeral machine script is a cool hack, but the whole flow seems way awkward and the final resulting command quite verbose.
Can this get introduced into the fly UX in some cohesive way?