From flyio-pack
Implements Fly.io security best practices: encrypted secrets, scoped deploy tokens, automatic TLS certs, private networking. Includes CLI examples and checklists for secure deployments.
Slash command: /flyio-pack:flyio-security-basics
Security practices for Fly.io: encrypted secrets management, private networking (6PN), TLS certificate management, deploy token scoping, and WireGuard VPN access.
# Set secrets — encrypted at rest, injected as env vars
fly secrets set API_KEY="sk_live_..." DB_PASSWORD="..." -a my-app
# List (values hidden)
fly secrets list -a my-app
# Unset
fly secrets unset OLD_API_KEY -a my-app
# Import from .env file
fly secrets import < .env.production
Key rules:
fly.toml [env] (those are plaintext)
# Per-app deploy token (minimal scope for CI/CD)
fly tokens create deploy -a my-app
# Use in CI: FLY_API_TOKEN=$DEPLOY_TOKEN fly deploy
# Org token (broader scope — avoid if possible)
fly tokens create org
# Read-only token (monitoring only)
fly tokens create readonly -a my-app
# Add custom domain
fly certs add api.example.com -a my-app
# Check certificate status
fly certs show api.example.com -a my-app
# Fly manages Let's Encrypt certificates automatically
# Force HTTPS in fly.toml:
[http_service]
force_https = true
# Apps in same org communicate via .internal DNS (encrypted WireGuard mesh)
# No public internet exposure needed for internal services
# Access internal services from local machine via WireGuard
fly wireguard create
# Then connect: my-app.internal:3000
fly secrets, not [env]
force_https = true in fly.toml
.internal DNS, no public ports
For production readiness, see flyio-prod-checklist.
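A pre-deploy lint for two of the checklist items above (secrets kept out of [env], force_https = true), as an added example that is not part of the skill itself. The key-name patterns and the line-based reading of fly.toml are assumptions, and only the [http_service] form shown on this page is checked.

```shell
#!/bin/sh
# Added example (not from the skill): lint fly.toml for two checklist items.
# Assumptions: plain "key = value" lines; the secret-name patterns are illustrative.

# check_fly_toml FILE: prints one FAIL line per finding, returns 1 if any.
check_fly_toml() {
    awk '
        { sub(/#.*/, "") }                      # drop trailing comments
        /^[ \t]*$/ { next }                     # skip blank lines
        /^[ \t]*\[/ {                           # table header: [env], [http_service]
            section = $0
            gsub(/[^A-Za-z0-9_.]/, "", section)
            if (section == "http_service") has_http = 1
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t"]/, "", key)
            val = substr($0, eq + 1);    gsub(/[ \t"]/, "", val)
        }
        section == "env" && toupper(key) ~ /SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY/ {
            print "FAIL [env] " key ": plaintext in fly.toml, use fly secrets set"
            bad = 1
        }
        section == "http_service" && key == "force_https" { https = val }
        END {
            if (has_http && https != "true") {
                print "FAIL [http_service] force_https is not true"
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input: one secret-looking key in [env], HTTPS redirect missing.
demo=$(mktemp)
cat > "$demo" <<'EOF'
app = "my-app"
[env]
LOG_LEVEL = "info"
API_KEY = "constructed-not-a-real-key"
[http_service]
internal_port = 3000
EOF
check_fly_toml "$demo" || echo "fix the findings above before fly deploy"
rm -f "$demo"
```

Run it in CI before `fly deploy`; a non-zero return from `check_fly_toml` fails the job.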
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin flyio-pack