Secrets are staged for the first deployment

➜  Projects fly secrets set -a app-name APP_SECRET='redacted'
Secrets are staged for the first deployment%
➜  Projects fly status -a app-name
App
  Name     = app-name
  Owner    = organisation
  Hostname = app-name.fly.dev
  Image    = app-name:deployment-01GY7MKRNEQJ4882KASV6D4H1N
  Platform = machines

Machines
ID            	PROCESS	VERSION	REGION	STATE  	HEALTH CHECKS	LAST UPDATED
3d8d9997f79578	web    	2      	fra   	started	             	2023-04-17T13:22:00Z

This should not be possible, right? I ran a deploy, set some secrets. Now I am trying to set some more secrets and it says “staged for first deployment”. What? I already have version 2 running

Something else I noticed:

fly status --watch isn’t working as expected. When running it, the whole screen gets cleared (makes sense). But then only the last line of the output is shown:

image1912×718 42.4 KB

To actually see the output, you need to scroll up. After scrolling up, subsequent output is dumped right after it:

image1920×3003 216 KB

I’ve tested this with a couple of apps and this only seems to be a problem in v2 apps

Good catch on fly status --watch. This PR should fix it: Make 'fly status --watch' usable for Machines by pborzenkov · Pull Request #2098 · superfly/flyctl · GitHub

Machines apps stage secrets changes until you run a deploy. The deploy process updates secrets, we don’t implicitly start a deploy when you change them anymore.

Future versions of secrets will actually require a two step process: set them in our secrets storage, then update fly.toml to reference them as env vars. We can probably automate this when flyctl does it, but we’re still probably not going to trigger a deploy.

ahhhh, makes sense actually.

Would it be an idea to change the message then?

It says: “Secrets are staged for the first deployment” which confused me, because the first deployment already happened.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.