22 days ago
I use Railway for several projects. I am now working on switching some of my employer's hosted services onto Railway, and, like many people, I am having issues managing multiple accounts.
Mainly, I have the company account set up and log in by email. However, the GitHub app is leaking my own private repos into the Railway org.
There seems to be a single Railway app on GitHub, and it is not scoped per Railway account.
This is a major problem because it basically means **all of my various clients' services are leaked across domains and into accounts that other employees have access to**.
This is a deal-breaking security issue. Is there a way to not import specific GitHub orgs for one Railway account and import those GitHub orgs for a different Railway account?
Or is it better to avoid Railway for enterprise use/multiple company use cases?
8 Replies
22 days ago
The GitHub App installation is tied to your GitHub account, not to individual Railway workspaces, so all repos it can access appear everywhere that GitHub account is connected. You can restrict which repos the app sees at github.com/settings/installations by switching to "Only select repositories," and for full separation, use distinct GitHub accounts or organizations for personal vs. company work.
Status changed to Awaiting User Response Railway • 22 days ago
22 days ago
I haven't even invited my GitHub account to this new Railway server and it has full access to all GitHub. There is no relationship or connection made to GitHub on this account and it seems to have crossed over from my other account magically.
Account #1: personal email + GitHub email
Account #2: work email -- NO GITHUB EMAIL
Both accounts have access to ALL GitHub repos. This is clearly a security issue / cross contamination of permissions.
Status changed to Awaiting Railway Response Railway • 22 days ago
22 days ago
We only allow one account per person, so running two separate Railway accounts (personal + work) is not supported and can cause exactly this kind of cross-contamination. The recommended approach is to use a single Railway account with separate workspaces for personal and work contexts, and then scope the GitHub App to only the repos each workspace needs via github.com/settings/installations.
Status changed to Awaiting User Response Railway • 22 days ago
22 days ago
Workspaces are under one billing. Surely you must understand that many people do not have a single employer or a single client. In this case, it is because I like Railway so much that I am recommending it to my company, but not providing first class support for different accounts makes it a non-starter. I have no choice but to seek alternative solutions. Unfortunate.
Status changed to Awaiting Railway Response Railway • 22 days ago
22 days ago
I need help. I cannot disconnect my personal GitHub from my company's access. Despite it being in a fresh email, fresh browser, NO GITHUB AUTHENTICATION. I need GitHub to be completely reset and removed.
22 days ago
FYI, it is on this account. Full GitHub access with zero authorization ever given. User above is not a member, no relationship whatsoever. GitHub access seems to have carried over to this account despite there being no association between accounts.
22 days ago
Never mind. I cancelled and requested a refund. Very disappointed with Railway. Will look for alternatives.
22 days ago
Sorry to see you go. Just to clarify for the record, each workspace does have its own independent billing and subscription, so separating personal and company work into different workspaces would give you separate invoices and billing entities. If you ever reconsider, that setup combined with scoping the GitHub App at github.com/settings/installations would address the repo visibility concern.
Status changed to Awaiting User Response Railway • 22 days ago
Status changed to Solved sam-a • 22 days ago
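The repository scoping recommended in the replies above can also be checked from GitHub's side. The following is an added example, not part of the original thread and not Railway's code: it reads a response in the shape of GitHub's `GET /orgs/{org}/installations` REST endpoint and reports active app installations that are not limited to selected repositories. The sample response, app slugs and account logins are constructed.

```python
import json

# Constructed sample in the shape of GitHub's REST response for
# GET /orgs/{org}/installations. All ids, slugs and logins are made up.
SAMPLE_RESPONSE = """
{"total_count": 3, "installations": [
  {"id": 1001, "app_slug": "example-deploy-app",
   "account": {"login": "example-client-a"},
   "repository_selection": "all",
   "permissions": {"contents": "write", "metadata": "read"},
   "suspended_at": null},
  {"id": 1002, "app_slug": "example-deploy-app",
   "account": {"login": "example-employer"},
   "repository_selection": "selected",
   "permissions": {"contents": "read", "metadata": "read"},
   "suspended_at": null},
  {"id": 1003, "app_slug": "example-ci-app",
   "account": {"login": "example-client-b"},
   "repository_selection": "all",
   "permissions": {"contents": "read"},
   "suspended_at": "2024-01-01T00:00:00Z"}
]}
"""


def audit_installations(body):
    """Return active installations that are not limited to selected repos."""
    findings = []
    for inst in json.loads(body).get("installations", []):
        if inst.get("suspended_at"):
            continue  # suspended installations have no repository access
        selection = inst.get("repository_selection")
        if selection == "selected":
            continue  # already scoped to an explicit repository list
        perms = inst.get("permissions", {})
        findings.append({
            "installation_id": inst.get("id"),
            "app": inst.get("app_slug"),
            "account": inst.get("account", {}).get("login"),
            # Anything other than "selected" (or a missing field) counts as broad.
            "selection": selection or "unknown",
            "writable": sorted(k for k, v in perms.items() if v in ("write", "admin")),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_installations(SAMPLE_RESPONSE):
        print(finding)
```

Each reported installation is a candidate for switching to "Only select repositories" on the installation's settings page.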