I manage a bunch of infra via Pulumi, and am steadily migrating more microservices over to Fly. Unfortunately, it seems like progress on the Pulumi provider for Fly has been put on hold (link1, link2).
This is my current workflow:
- Update any secrets managed by Pulumi
- Run
pulumi up - Update any changed secrets for Fly
- Run
fly deploy
Does anyone have suggestions on a better workflow, in lieu of a working Pulumi provider for Fly? In terms of DX, I don’t need a full Pulumi integration - just being able to sync secrets would save a ton of hassle and reduce the surface for human error.
Solutions I’ve considered:
- Using a hosted secrets manager like Doppler, and pulling secrets as needed by both Pulumi and Fly. This seems like a hassle though, and would really prefer not using another service.
- Adding a hacky routine at the end of my Pulumi script to re-import all secrets into fly by using the fly CLI (via
child_process).
Would appreciate any thoughts on improving the DX here!