a head full of memories by Timo Mämecke

Question: “Why no public buckets on Railway?”

I wanted to elaborate because this question comes up very often, and it’s not an easy yes or no.

Public buckets have lots of footguns. It’s not rare to hear about security incidents involving public buckets. For most things that aren’t just static assets, you want a backend for authorization.

What about static sites? It’s already easy to host static sites on Railway. Buckets are cheaper, but the added benefit for the platform isn’t as huge as private buckets.

For caching and saving egress on static assets, CDNs work great. We’re cooking. 👀

It’s unclear if we just want to add a “Public” checkbox to buckets, because of the security footguns. In the end, I’ll feel complicit if someone accidentally uses public buckets due to poor UX. Ideally we build something that allows the usage of public buckets, but prevents users from accidentally leaking private files in a public bucket.