fly secrets set: Usage & Common CI Errors
Set encrypted secrets your Fly.io app reads as environment variables.
fly secrets set stores encrypted secrets for a Fly.io app, exposed to the app as environment variables. By default setting a secret triggers a new release; --stage defers that until your next deploy.
What it does
fly secrets set KEY=value writes one or more encrypted secrets for the app and, by default, restarts the app to apply them. With --stage the secrets are saved but not released until the next fly deploy, which is the pattern for CI where you set secrets and deploy in one flow.
Common usage
# Set a secret (triggers a release by default)
fly secrets set DATABASE_URL=postgres://...
# Stage secrets without redeploying, then deploy
fly secrets set API_KEY="$API_KEY" --stage
fly deploy
# Set multiple at once for a specific app
fly secrets set A=1 B=2 --app myappCommon error in CI: not authenticated / app not found
secrets set fails with "Error: No access token available" or "Could not find App \"myapp\"". Fix: set FLY_API_TOKEN on the runner so flyctl is authenticated, and pass --app (or run in the directory with fly.toml) so the right app is targeted. In a deploy pipeline, use --stage so setting secrets does not kick off a separate release that races your fly deploy; the deploy applies the staged secrets atomically.
Key options
| Option | Purpose |
|---|---|
| KEY=value | Set a secret value |
| --stage | Save without an immediate release |
| --app NAME | Target app |
| secrets unset / list | Remove or list secrets |