Running an application often involves a number of credentials, containing such things as database passwords, S3 buckets, and session encryption keys.

During development you will typically use environment files. For security reasons, these files are generally excluded from being committed to version control or being deployed to production.

This means that you need another mechanism for setting up your production environment. For, that mechanism is secrets.

There are two ways to set secrets. You can use the fly secrets set command:


Or you can import your dotenv file wholesale using fly secrets import:

fly secrets import < .dotenv

Both commands will restart your application if it has previously been deployed. Pass the --stage option if you would rather deploy these changes later.

Once deployed, your application can access secrets using process.env, Deno.env, or Bun.env.