Protection Coverage
Fly.io
Protection patterns for Fly.io CLI operations including app destruction, secrets, volumes, and Postgres
The flyio check group covers destructive Fly.io CLI operations. Both fly and flyctl command names are supported.
Fly.io checks
Destroy app
| ID | flyio:apps_destroy |
| Severity | Critical |
Destroying a Fly.io app permanently removes it and all its resources including machines, volumes, and IPs.
# Triggers
fly apps destroy
fly apps destroy my-app
fly apps destroy my-app --yes
flyctl apps destroy my-app
# Does NOT trigger
fly apps list
fly apps create my-appUnset secrets
| ID | flyio:secrets_unset |
| Severity | High |
Removing secrets can break running applications that depend on them.
# Triggers
fly secrets unset MY_SECRET
fly secrets unset SECRET1 SECRET2
flyctl secrets unset MY_SECRET --app my-app
# Does NOT trigger
fly secrets list
fly secrets set MY_SECRET=valueDestroy volumes
| ID | flyio:volumes_destroy |
| Severity | High |
Destroying a volume permanently deletes all data stored on it.
# Triggers
fly volumes destroy vol_abc123
fly volume destroy vol_abc123
flyctl volumes destroy vol_abc123
# Does NOT trigger
fly volumes list
fly volumes createDestroy Postgres cluster
| ID | flyio:postgres_destroy |
| Severity | Critical |
Destroying a Fly Postgres cluster permanently deletes the database and all its data.
# Triggers
fly postgres destroy
fly postgres destroy my-pg-cluster
flyctl postgres destroy my-pg-cluster
# Does NOT trigger
fly postgres list
fly postgres createSummary table
| ID | Command | Severity |
|---|---|---|
flyio:apps_destroy | fly apps destroy | Critical |
flyio:secrets_unset | fly secrets unset | High |
flyio:volumes_destroy | fly volumes destroy | High |
flyio:postgres_destroy | fly postgres destroy | Critical |