23 days ago
I’m trying to use Google Cloud Workload Identity Federation from a Railway service so the service can call a private Google Cloud Run backend without using a Google service account key.
Inside the running Railway service, I checked common env vars and token file paths, but did not find any workload OIDC token.
Does Railway currently expose a workload/service identity OIDC token to deployed services? If yes:
- what environment variable or file path contains it?
- what is the issuer?
- what audience should be configured?
- is there a stable subject claim format per service/environment?
I’m not asking about “Login with Railway” user OAuth; I’m asking about workload identity for a deployed service.
1 Replies
23 days ago
We do not currently provide workload identity OIDC tokens to running services. The only OIDC support we offer is Login with Railway, which is user-facing OAuth, not workload identity. The full list of environment variables injected into deployments is in our variables reference, none of which include an identity token or token file path.
Status changed to Awaiting User Response Railway • 23 days ago
16 days ago
This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!
Status changed to Solved Railway • 16 days ago