Home Original page

Use dotenvx with Fly | dotenvx

Use dotenvx with Fly

Install the necessary web server libraries in the language of your choice.

Create a simple Hello World program.

Create Dockerfile.

Create .dockerignore.

Create fly.toml.

Commit that to code and deploy it to Fly.

Once deployed, your app will say 'Hello [blank]' as it doesn't have a way to access the environment variable yet. Let's do that next.

Install dotenvx in your Dockerfile and prepend your app command with dotenvx run --.

Create .env.production in the root of your project.

Your .env.production file is now encrypted, and you have a .env.keys file.

You SHOULD commit .env.production to code. It is now encrypted, safe, and recommended to do so. But DO NOT commit .env.keys to code. Keep them somewhere safe like 1password or dotenvx ops.

We're ready to inject the encrypted .env.production secrets into the app on boot.

Set DOTENV_PRIVATE_KEY_PRODUCTION on Fly using the production key in your .env.keys file. We'll use the fly cli, but you can also use their dashboard.

Redeploy.

Your app restarts and env is successfully injected using the encrypted contents of .env.production.

Visit your url and it says Hello production.

You succesfully add encryption to your .env files. This is safer than scattering your secrets across third-party platforms and tools. When you need to update a secret, run dotenvx set KEY value and redeploy.

Great job! That's pretty much it. See the bonus section(s) below to go a little deeper.

Try changing the value of .env.production to your name.

Commit .env.production safely to code and redeploy.