Why is `fly secrets list` not showing the values?

Our API doesn’t have access to the contents of secrets. When you set a secret through the API, we seal it in a software HSM, to which our API server has no access (we currently store an authenticator tag of the secret so you can match them up between apps, but I’m dubious about the value of this feature and lobbying to get rid of it).

You can, of course, recover secrets by SSH’ing into an app, or, for that matter, deploying a new version of your code that simply logs the secret in plaintext; at the end of the day, something has to be able to see the secret, even if I would prefer that we implement pure write-only secrets instead. :slight_smile:

What you should expect from us moving forward is work on tightening secrets even further, both by restricting who can SSH to things (that’s coming soon!) and also by tightening the default environment an SSH session drops you into. The goal is to make it difficult to casually recover^H^H^H^Hexfiltrate a secret, bearing in mind that the primary thing people do with Fly.io is deploy new code on it, and code is generally always going to get secret access.

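The arrangement described in the answer above, with the API holding only a sealed blob plus a keyed authenticator tag per secret and a separate sealing component owning the keys, as an added Python sketch that is not Fly.io's code. The `SoftHsm` and `SecretsApi` names, the toy keystream-plus-HMAC sealing (standing in for a real AEAD) and the tag-prefix output of the list call are my assumptions, not details of the real system.

```python
import hashlib
import hmac
import os

class SoftHsm:
    # Stand-in for the sealing HSM: owns keys the API server never holds.
    def __init__(self) -> None:
        self._seal_key = os.urandom(32)
        self._tag_key = os.urandom(32)  # separate key for the authenticator tag

    def seal(self, value: bytes) -> bytes:
        # Toy sealing: SHAKE keystream XOR plus an HMAC; a real HSM uses an AEAD.
        nonce = os.urandom(16)
        stream = hashlib.shake_256(self._seal_key + nonce).digest(len(value))
        ct = bytes(a ^ b for a, b in zip(value, stream))
        mac = hmac.new(self._seal_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + mac

    def unseal(self, blob: bytes) -> bytes:
        nonce, ct, mac = blob[:16], blob[16:-32], blob[-32:]
        expect = hmac.new(self._seal_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expect):
            raise ValueError("sealed secret failed authentication")
        stream = hashlib.shake_256(self._seal_key + nonce).digest(len(ct))
        return bytes(a ^ b for a, b in zip(ct, stream))

    def tag(self, value: bytes) -> bytes:
        # Keyed, so a party that only sees tags cannot test guesses against them.
        return hmac.new(self._tag_key, value, hashlib.sha256).digest()

class SecretsApi:
    # What the API server stores per (app, name): sealed blob + tag, never plaintext.
    def __init__(self, hsm: SoftHsm) -> None:
        self._hsm = hsm
        self._store: dict[tuple[str, str], tuple[bytes, bytes]] = {}

    def set_secret(self, app: str, name: str, value: bytes) -> None:
        self._store[(app, name)] = (self._hsm.seal(value), self._hsm.tag(value))

    def list_secrets(self, app: str) -> list[tuple[str, str]]:
        # The `secrets list` view: names and a tag prefix; there is no value to show.
        return [(n, t.hex()[:12]) for (a, n), (_, t) in self._store.items() if a == app]

    def same_value(self, app_a: str, app_b: str, name: str) -> bool:
        # Match a secret across apps by comparing tags only.
        return hmac.compare_digest(self._store[(app_a, name)][1], self._store[(app_b, name)][1])

    def unseal_for_runtime(self, app: str, name: str) -> bytes:
        # The one path that yields plaintext: handing the secret to the running app.
        return self._hsm.unseal(self._store[(app, name)][0])
```

Because the tag is keyed inside the sealing component, the API can answer "is this the same secret in both apps?" without ever being able to read or guess the value itself.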