Deploy pgrust
Postgres rewritten in Rust, now passing 100% Postgres regression tests
pgrust
Just deployed
/var/lib/postgresql/data
Deploy and Host pgrust on Railway
pgrust is an experimental rewrite of PostgreSQL in Rust. It currently targets compatibility with PostgreSQL 18.3 and can communicate with standard PostgreSQL clients such as psql. The project explores alternative database internals and performance improvements, but it is still under active development and is not intended for production databases or critical data.
About Hosting pgrust
This Railway template deploys the official pgrust Docker image, initializes a PostgreSQL-compatible database cluster, and attaches persistent storage so that database files survive redeployments.
The service listens on the standard PostgreSQL port 5432 and exposes familiar connection variables such as PGHOST, PGUSER, PGDATABASE, and DATABASE_URL. Applications running inside the same Railway project can connect through Railway's private network.
pgrust is currently experimental. The project explicitly states that it is not production-ready or fully performance-optimized. Existing PostgreSQL extensions and procedural languages are also not generally compatible yet.
Most importantly, the current pgrust release does not fully implement password authentication for TCP connections. The template still generates and stores a PostgreSQL password, but that password is not currently enforced for network connections. Public TCP access should therefore only be enabled temporarily for controlled testing.
Important Limitations
Not Production-Ready
pgrust is still under active development and should not be used for:
- Production databases
- Critical or irreplaceable information
- Financial, medical, authentication, or customer data
- Workloads requiring guaranteed PostgreSQL compatibility
- Systems requiring established backup, recovery, replication, or high-availability guarantees
Always keep an independent backup of any data used with this template.
TCP Password Authentication Is Not Enforced
The template creates a password using:
POSTGRES_PASSWORD=${{secret(32)}}
This password is stored on the PostgreSQL role during initialization. It is also included in variables such as PGPASSWORD and DATABASE_URL so that the template remains compatible with normal PostgreSQL application configuration.
However, the current pgrust implementation cannot yet validate role passwords for TCP connections. Its Docker entrypoint therefore configures network access using PostgreSQL's trust authentication mode.
In practical terms, this means that a client able to reach the pgrust TCP port may connect without knowing the correct password.
For example, a connection may currently succeed even when a false password is supplied:
PGPASSWORD="incorrect-password" psql \
"host=HOST port=PORT user=postgres dbname=postgres sslmode=disable"
The generated password must therefore not be treated as a security boundary for the current release.
Do Not Expose the Database Publicly
Railway private networking should be used for normal communication between pgrust and applications in the same Railway project.
A Railway TCP Proxy exposes the database through a public hostname and port. Because pgrust currently uses trust authentication for TCP connections, enabling a public TCP Proxy can make the database accessible without a valid password.
Recommended configuration:
Private networking: Enabled
Public TCP Proxy: Disabled
A public TCP Proxy should only be enabled temporarily for testing, then removed immediately after the test.
Limited PostgreSQL Compatibility
pgrust aims to reproduce PostgreSQL behavior, but complete application compatibility should not be assumed.
Potential compatibility limitations include:
- PostgreSQL extensions may not work
- Procedural languages such as PL/Python, PL/Perl, and PL/Tcl are not generally supported
- Some PostgreSQL tools, administrative operations, or uncommon SQL behavior may be incomplete
- Third-party ORMs and drivers may use features that pgrust has not fully implemented
- Future pgrust releases may introduce breaking database-format or behavior changes
Applications should be tested thoroughly before relying on pgrust, even for development environments.
Experimental Upgrade Path
The template pins the Docker image to:
malisper/pgrust:v0.1
Using a pinned version prevents an automatic update from unexpectedly changing the database engine.
Do not switch to latest for a persistent database unless you have reviewed the release changes and created a backup. pgrust is evolving quickly, and a stable upgrade or migration path between experimental versions should not be assumed.
Common Use Cases
- Testing whether an application or PostgreSQL driver can communicate with pgrust
- Exploring a Rust-based implementation of PostgreSQL internals
- Running SQL compatibility and regression experiments
- Evaluating experimental database-engine behavior
- Building temporary development environments with non-critical data
Dependencies for pgrust Hosting
- The
malisper/pgrust:v0.1Docker image - A persistent Railway volume
- Railway private networking
- A PostgreSQL-compatible client or application
Deployment Dependencies
Implementation Details
The template uses the following variables:
PGDATA=/var/lib/postgresql/data/pgrust
PGHOST=${{RAILWAY_PRIVATE_DOMAIN}}
PGPORT=5432
PGUSER=${{POSTGRES_USER}}
PGDATABASE=${{POSTGRES_DB}}
PGPASSWORD=${{POSTGRES_PASSWORD}}
POSTGRES_DB=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD=${{secret(32)}}
DATABASE_URL=postgresql://${{POSTGRES_USER}}:${{POSTGRES_PASSWORD}}@${{RAILWAY_PRIVATE_DOMAIN}}:5432/${{POSTGRES_DB}}
The persistent Railway volume is mounted at:
/var/lib/postgresql/data
The actual pgrust database cluster is stored in:
/var/lib/postgresql/data/pgrust
The database directory intentionally uses a subdirectory inside the mounted volume. Railway's volume mount root may contain filesystem metadata, while pgrust initialization requires its target database directory to be empty.
Using the volume root directly as PGDATA may cause the following initialization error:
initdb: error: directory "/var/lib/postgresql/data" exists but is not empty
The service listens internally on:
5432
Applications in the same Railway project should connect using:
DATABASE_URL=postgresql://${{POSTGRES_USER}}:${{POSTGRES_PASSWORD}}@${{RAILWAY_PRIVATE_DOMAIN}}:5432/${{POSTGRES_DB}}
Although the URL contains a password for PostgreSQL compatibility, the current release does not enforce that password for TCP connections. Access control must therefore rely on Railway private networking rather than PostgreSQL password authentication.
Security Notice
This template should be treated as an experimental database deployment.
Do not store sensitive information in it. Do not expose its TCP port publicly for permanent use. Do not assume the generated password prevents unauthorized TCP access. Do not use it as a replacement for a production PostgreSQL service.
Use pgrust only with disposable or independently backed-up data until password authentication, compatibility, operational tooling, and production readiness have been explicitly implemented and documented by the project.
Why Deploy pgrust on Railway?
Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.
By deploying pgrust on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.
Template Content
pgrust
malisper/pgrust:latest