Best practices for preventing operator access to customer data when using Railway (platform builders question)
phukon
HOBBY · OP

a month ago

I’m building a SaaS on top of Railway and I’m trying to design things correctly from a data-privacy and trust perspective.

One concern I’m thinking through is the fact that, as the Railway project owner, I can still access running services via the Railway CLI (shell / exec access).

Technically this means I could inspect containers or access customer data, even though I obviously don’t intend to.

I understand this is similar to how platforms built on AWS/GCP work, but I want to follow best practices and design my system so that customer trust does not rely purely on my personal promises.

My questions:

1. What are the recommended patterns on Railway for platform builders who want to minimize or operationally restrict their own access to customer workloads?

2. Are there any Railway roadmap features or permission models intended for multi-tenant/platform use cases where operators should not casually access runtime containers?

My goal isn’t to eliminate infra-level access entirely (I know that’s unrealistic), but to align with industry practices where access is rare, auditable, and unnecessary by design.

Would love to hear how other people building platforms on Railway are handling this.

Thanks!

$20 Bounty

4 Replies

diogoribeirodev
FREE · Top 5% Contributor

a month ago

Railway offers Environment HIPAA, Audit Logging and RBAC that would solve the security stuff you want, but they are only available as add-ons on the enterprise plan (you don't need that).

What you can do is encrypt the data before storing it, store the encryption keys outside of Railway, use custom keys per user (so even if someone was able to get a key it would only be for 1 user and not all), and you can encrypt stuff in the browser/client before it reaches the server...

At the stage you are at, the privacy problems aren't really problems. Just encrypt stuff that you think needs encryption and later on, if you actually start getting customers, revenue... then look at more features (in this case in the enterprise plan).


diogoribeirodev
FREE · Top 5% Contributor

a month ago

You are overthinking (this coming from a person that overthinks a lot).


diogoribeirodev


The GraphQL API allows you to manage projects, services, environment variables, and API keys as well.


lu4p
FREE · Top 10% Contributor

a month ago

More people should do zero-access encryption (or even end-to-end encryption) for private data if possible; we'd have less surveillance and fewer data breaches.

But I understand that it's just not a priority for most things and easy to mess up.

Someone should make it stupidly easy to integrate, thanks for the project idea.

