Railway services that need to access cloud provider resources (AWS S3, GCP Cloud Storage, etc.) currently require storing long-lived credentials as environment variables. This creates security risk.

Railway should add support for OIDC Federation as an OIDC Identity Provider (IdP) or another cloud provider access pattern, so that Railway can provision and expose a short-lived token.

Other platforms like Vercel already offer this: https://vercel.com/docs/oidc.

Previous discussions:
https://station.railway.com/questions/does-railway-support-oidc-7d29440a
https://station.railway.com/questions/oidc-enablement-aa54245c