10 days ago
I am building an authorization system using FastAPI + SpiceDB.
SpiceDB is running on Railway, and I need to connect to it from my local FastAPI development environment.
I am looking for best practice architecture recommendations for exposing or accessing SpiceDB gRPC securely from outside Railway.
Any advice on production architecture is welcome.
1 Replies
Status changed to Awaiting Railway Response Railway • 10 days ago
8 days ago
Hey,
I'd recommend to not expose SpiceDB publicly at all. Keep it private inside Railway and let only your deployed FastAPI service talk to it over private networking. That's the best way to do it in prod.
If you REALLY need to access SpiceDB directly from outside railway, I'd make sure to use a secure tunnel at least. But I wouldn't recommend that.