Fly.io Deployment

This guide explains how to deploy CipherStash CipherStash Proxy to Fly.io.

You will be deploying the cipherstash/cipherstash-proxy docker container to Fly.io and assumes you have already configured and tested your CipherStash Proxy instance. If you haven't already done so, please follow the Getting Started guide.

Steps to Deploy

1. Install and Log in to Flyctl

Before starting, make sure you have Flyctl, the CLI tool for managing apps on Fly.io, installed on your machine. If you haven't already installed it, you can find the installation guide on Fly.io. Once installed, log in to your Fly account.

1fly auth login

2. Preparing the project

You will need to create a directory with the following files:

  • Dockerfile
  • cipherstash-proxy.toml
1mkdir flyio-cipherstash-proxy
2cd flyio-cipherstash-proxy
3touch Dockerfile cipherstash-proxy.toml

Note: The cipherstash-proxy.toml file is used as a placeholder, as we will be using environment variables to configure the CipherStash Proxy instance.

2.1 Init fly.io

You will need to use the flyctl init command to initialize the Fly.io project. This command will generate a fly.toml file that will be used to configure the Fly.io project.

1flyctl init

3. Configuring the Dockerfile

The Dockerfile is used to build the image that will be deployed to Fly.io. The following is the contents of the Dockerfile you'll use:

1FROM cipherstash/cipherstash-proxy:latest
2EXPOSE 6432
3COPY cipherstash-proxy.toml /etc/cipherstash-proxy/cipherstash-proxy.toml

4. Configuring Fly.io

The following is the contents of the fly.toml file you'll use:

1app = "cipherstash-proxy"
3# Set the region based on your preference
4primary_region = "ord"
9internal_port = 6432
10protocol = "tcp"
11auto_stop_machines = false
12auto_start_machines = false
13min_machines_running = 1
15port = 6432
18cpu_kind = "shared"
19cpus = 1
20memory_mb = 1024

5. Setting up Environment Variables

You will need to set the following environment variables:


You can set these environment variables using the flyctl secrets set command:

1flyctl secrets set MY_SECRET=romance

You will need to replace the placeholders with your actual values.

6. Deploying to Fly.io

You can now deploy your app to Fly.io using the flyctl deploy command:

1flyctl deploy

7. Reserving a Static IP Address

Since you will be using a non-standard port, you will need to reserve a static IP address for your app. You can do this using the flyctl ips reserve command:

1fly ips allocate-v4 --app cipherstash-proxy

8. Accessing Your App

CipherStash Proxy will be running on port 6432 and you can access it using the static IP address you reserved in the previous step. You can now configure your application to connect to CipherStash Proxy using the following connection string:



By following these steps, you should have successfully deployed CipherStash Proxy to Fly.io. For detailed steps and further information, you can refer to Fly.io's official documentation.

With the CipherStash Proxy in place, you can now use the entire CipherStash product suite to secure your data:

  • CipherStash Audit: Audit your database queries and data access logs.
  • CipherStash Encrypt: Encrypt your data at rest and in transit.
  • CipherStash Identify: Identify and mask sensitive data in your database. (Coming soon!)