I manage a bunch of infra via Pulumi, and am steadily migrating more microservices over to Fly. Unfortunately, it seems like progress on the Pulumi provider for Fly has been put on hold (link1, link2).
This is my current workflow:
- Update any secrets managed by Pulumi
- Update any changed secrets for Fly
Does anyone have suggestions on a better workflow, in lieu of a working Pulumi provider for Fly? In terms of DX, I don’t need a full Pulumi integration - just being able to sync secrets would save a ton of hassle and reduce the surface for human error.
Solutions I’ve considered:
- Using a hosted secrets manager like Doppler, and pulling secrets as needed by both Pulumi and Fly. This seems like a hassle though, and would really prefer not using another service.
- Adding a hacky routine at the end of my Pulumi script to re-import all secrets into fly by using the fly CLI (via
Would appreciate any thoughts on improving the DX here!