Deploy Pocket ID
Self-hosted OIDC provider with passkey authentication
Deploy and Host Pocket ID on Railway
Pocket ID is a self-hosted OpenID Connect (OIDC) provider that authenticates users with passkeys instead of passwords. It is simple to deploy and supports hardware security keys such as YubiKey.
About Hosting Pocket ID
Hosting Pocket ID requires a single application container and a PostgreSQL database. The app stores user data, registered passkeys, and OIDC client configurations in Postgres and persists uploaded assets to a local volume. Railway provisions the database automatically, wires the connection string via a reference variable, and exposes the app over HTTPS through its built-in proxy, so the only post-deploy step is setting your public APP_URL.
Common Use Cases
- Add passkey-based single sign-on to self-hosted services (Grafana, Gitea, Nextcloud, etc.)
- Replace password-based login for internal tools without running a heavyweight IdP like Keycloak
- Provide phishing-resistant authentication using FIDO2 hardware security keys
Dependencies for Pocket ID Hosting
- PostgreSQL (Railway-managed, provisioned automatically by this template)
- A persistent volume mounted at /app/data for file storage
Deployment Dependencies
- Docker image: ghcr.io/pocket-id/pocket-id
- Upstream documentation: pocket-id.org/docs
- Environment variable reference: pocket-id.org/docs/configuration/environment-variables
Implementation Details
The template sets TRUST_PROXY=true by default because Railway routes all traffic through its proxy layer. Without this, Pocket ID cannot resolve the real client IP for rate limiting and audit logs.
The ENCRYPTION_KEY is auto-generated at deploy time using Railway's secret() function. Store a backup of this value: rotating it requires re-encrypting all stored secrets.
Why Deploy Pocket ID on Railway?
Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.
By deploying Pocket ID on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.
Template Content
railway-pocket-id
c-treinta/railway-pocket-id
APP_URL
Public URL where Pocket ID is accessible (e.g. https://your-domain.up.railway.app). Update after deploy.
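A post-deploy consistency check for APP_URL, added here as an example and not part of the template or of Pocket ID: OIDC clients compare the `issuer` in the discovery document (served at the standard `/.well-known/openid-configuration` path) with the URL they were configured with, so a stale APP_URL breaks every relying party. It assumes Pocket ID derives its issuer and endpoints from APP_URL; the sample documents and their endpoint paths are constructed placeholders.

```python
from urllib.parse import urlsplit

# Endpoint fields defined by OpenID Connect Discovery 1.0.
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    default = {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or default


def check_discovery(app_url, doc):
    """Compare a parsed discovery document with the configured APP_URL.

    Returns a list of problems; an empty list means the two are consistent.
    """
    problems = []
    if urlsplit(app_url).scheme != "https":
        problems.append("APP_URL is not https")
    issuer = doc.get("issuer", "")
    # Clients compare the issuer as an exact string, so even a trailing
    # slash difference is reported rather than normalised away.
    if issuer != app_url:
        problems.append(f"issuer {issuer!r} != APP_URL {app_url!r}")
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        # Only endpoints present in the document are checked.
        if value is not None and origin(value) != origin(app_url):
            problems.append(f"{key} points at another origin: {value}")
    return problems


# Constructed sample documents (not captured from a real deployment).
APP_URL = "https://your-domain.up.railway.app"
GOOD = {"issuer": APP_URL,
        **{k: f"{APP_URL}/placeholder/{k}" for k in ENDPOINT_KEYS}}
# What a deployment might serve if APP_URL was never updated (assumed value).
STALE = {"issuer": "http://localhost",
         **{k: f"http://localhost/placeholder/{k}" for k in ENDPOINT_KEYS}}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("stale", STALE)):
        print(name, check_discovery(APP_URL, doc) or "ok")
```

To use it against a live deployment, fetch the discovery document yourself, parse it as JSON, and pass the resulting dict as `doc`.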

