Railway Secrets

Overview

Railway Secrets is a self-hosted PHP dashboard for managing and rotating Railway environment variables. It works across global scope and per-service scope, giving you a single place to audit, update, and schedule secret rotations — without touching the Railway dashboard directly.

Features

• Lists global and per-service Railway environment variables
• Rotates secrets on demand from the dashboard or on a schedule via cron
• Generates new values with configurable length and encoding (hex, base64, alphanumeric)
• Stores the previous value after each rotation, encrypted with AES-256-GCM
• Groups services into named sets for organised workflows
• Session-based auth with CSRF token protection
• Login throttling with a separate SQLite rate-limit database

Tech Stack

• PHP 8.2
• SQLite
• Nginx + PHP-FPM (Docker)
• Railway GraphQL API

Status

Available as a one-click Railway deploy template. Self-hosted — your Railway API token never leaves your own deployment.