Syncing Secrets Between Pulumi and Fly

I manage a bunch of infra via Pulumi, and am steadily migrating more microservices over to Fly. Unfortunately, it seems like progress on the Pulumi provider for Fly has been put on hold (link1, link2).

This is my current workflow:

  1. Update any secrets managed by Pulumi
  2. Run pulumi up
  3. Update any changed secrets for Fly
  4. Run fly deploy

Does anyone have suggestions on a better workflow, in lieu of a working Pulumi provider for Fly? In terms of DX, I don’t need a full Pulumi integration - just being able to sync secrets would save a ton of hassle and reduce the surface for human error.

Solutions I’ve considered:

  • Using a hosted secrets manager like Doppler, and pulling secrets as needed by both Pulumi and Fly. This seems like a hassle though, and I would really prefer not to use another service.
  • Adding a hacky routine at the end of my Pulumi script to re-import all secrets into Fly by using the fly CLI (via child_process).

Would appreciate any thoughts on improving the DX here!

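The second option in the post (re-importing secrets through the fly CLI from Node's child_process), as an added example that is not part of the original post: it reads `pulumi config --show-secrets --json` after `pulumi up` and pipes NAME=VALUE lines to `fly secrets import` on stdin. The `FLY_APP` and `PULUMI_STACK` environment variables, the key-to-name mapping and the single-line restriction are assumptions of this example.

```javascript
// Added example: sync Pulumi config secrets into a Fly app over stdin.
// FLY_APP, PULUMI_STACK and the name mapping are assumptions for illustration.
const NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Pulumi keys look like "project:dbPassword"; map them to DB_PASSWORD style.
function toFlyName(pulumiKey) {
  const bare = pulumiKey.slice(pulumiKey.indexOf(':') + 1);
  return bare.replace(/([a-z0-9])([A-Z])/g, '$1_$2')
    .replace(/[^A-Za-z0-9]+/g, '_').toUpperCase();
}

// Build the stdin payload from the parsed JSON of
// `pulumi config --show-secrets --json`; only entries flagged secret are synced.
function buildImportPayload(pulumiConfig) {
  const seen = new Set();
  const lines = [];
  for (const [key, entry] of Object.entries(pulumiConfig)) {
    if (!entry.secret) continue;
    const name = toFlyName(key);
    if (!NAME_RE.test(name) || seen.has(name)) {
      throw new Error(`unusable or duplicate secret name from ${key}`);
    }
    // The payload is line-oriented: a newline inside a value would add
    // extra NAME=VALUE pairs. Refuse it (error text never includes the value).
    if (typeof entry.value !== 'string' || /[\r\n]/.test(entry.value)) {
      throw new Error(`${name}: value must be a single-line string`);
    }
    seen.add(name);
    lines.push(`${name}=${entry.value}`);
  }
  return lines.join('\n') + '\n';
}

async function sync(app, stack) {
  const { execFileSync } = await import('node:child_process');
  const json = execFileSync('pulumi',
    ['config', '--show-secrets', '--json', '--stack', stack],
    { encoding: 'utf8' });
  const payload = buildImportPayload(JSON.parse(json));
  // Secrets travel on stdin, not argv, so they stay out of process listings.
  execFileSync('fly', ['secrets', 'import', '--app', app],
    { input: payload, stdio: ['pipe', 'inherit', 'inherit'] });
}

// Runs only when both variables are set, e.g. as a step after `pulumi up`.
if (process.env.FLY_APP && process.env.PULUMI_STACK) {
  sync(process.env.FLY_APP, process.env.PULUMI_STACK)
    .catch((e) => { console.error(e.message); process.exit(1); });
}
```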