Environment Variables
Each Railway service owns its variables. Shared values may be referenced, but each service must receive the exact keys it validates at startup.
Common Variables
| Variable | Services | Notes |
|---|---|---|
| NODE_ENV | Web, API, Gateway, Worker | production on Railway. |
| PORT | Web, API, Gateway, Worker | Injected by Railway for the running container. |
| SERVICE_NAME | Web, API, Gateway, Worker | Must match the package literal. |
| PUBLIC_WEB_ORIGIN | Web, API, Gateway, Worker | Browser-facing web origin. |
| API_PUBLIC_URL | Web, API, Gateway, Worker | Browser-facing API URL. |
| GATEWAY_PUBLIC_URL | Web, API, Gateway, Worker | Browser-facing gateway URL. |
Production Guards
- API requires EVENT_RECEIPT_SIGNING_PRIVATE_KEY_PEM in production.
- Gateway production PEM fields must be PEM encoded.
- Worker production package scans require PACKAGE_SECURITY_SCANNER_IMAGE_DIGEST.
- Metrics bearer tokens are required whenever production metrics are enabled.
Source Material
- ops/railway/env-matrix.md
- apps/api/src/env.ts
- apps/gateway/src/env.ts
- apps/worker/src/env.ts
- apps/web/src/env.ts