Skip to content
Latchkey

fly secrets set: Usage & Common CI Errors

Set encrypted secrets your Fly.io app reads as environment variables.

fly secrets set stores encrypted secrets for a Fly.io app, exposed to the app as environment variables. By default setting a secret triggers a new release; --stage defers that until your next deploy.

What it does

fly secrets set KEY=value writes one or more encrypted secrets for the app and, by default, restarts the app to apply them. With --stage the secrets are saved but not released until the next fly deploy, which is the pattern for CI where you set secrets and deploy in one flow.

Common usage

Terminal
# Set a secret (triggers a release by default)
fly secrets set DATABASE_URL=postgres://...

# Stage secrets without redeploying, then deploy
fly secrets set API_KEY="$API_KEY" --stage
fly deploy

# Set multiple at once for a specific app
fly secrets set A=1 B=2 --app myapp

Common error in CI: not authenticated / app not found

secrets set fails with "Error: No access token available" or "Could not find App \"myapp\"". Fix: set FLY_API_TOKEN on the runner so flyctl is authenticated, and pass --app (or run in the directory with fly.toml) so the right app is targeted. In a deploy pipeline, use --stage so setting secrets does not kick off a separate release that races your fly deploy; the deploy applies the staged secrets atomically.

Key options

OptionPurpose
KEY=valueSet a secret value
--stageSave without an immediate release
--app NAMETarget app
secrets unset / listRemove or list secrets

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →