Darwin XML Timetable S3 bucket
312 views
Skip to first unread message
David Wheatley
Nov 26, 2025, 6:41:06 AM (3 days ago) Nov 26
to openrail...@googlegroups.com
Hi all,
It appears the (shared) open data access key for the Darwin XML Timetable S3 bucket has been deleted.
I've raised a ticket with CACI who are currently investigating.
David
Christopher Riches
Nov 26, 2025, 11:36:04 AM (3 days ago) Nov 26
to A gathering place for the Open Rail Data community
Hi,
By way of update on this I have received a message from CACI saying:
"RDG who have advised that the key has been disabled as it was posted publicly on an open website.
Thanks
We are discussing this with RDG as they look at potential options for users to obtain a replacement key/secret to access the data."
Does anyone know where this timetable and reference data can be found elsewhere in same format?
As far as I can tell the RDM solution with the file listings and possible automated downloads is not up to date and doesn't have todays file according to the file listing.
As far as I can tell the RDM solution with the file listings and possible automated downloads is not up to date and doesn't have todays file according to the file listing.
Lee Fortnam
Nov 26, 2025, 12:34:34 PM (3 days ago) Nov 26
to openrail...@googlegroups.com
Hi David,
Have you had any response from CACI at this stage?
Kind Regards,
Lee
--
You received this message because you are subscribed to the Google Groups "A gathering place for the Open Rail Data community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openraildata-t...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/CAGZsNijE2QG6AZQboTbWsjsWomweNxVxDcmvtz9bxRH6EBSu_A%40mail.gmail.com.
David Wheatley
Nov 26, 2025, 12:41:00 PM (3 days ago) Nov 26
to openrail...@googlegroups.com
Hi Lee,
I responded to them, effectively pointing out that everyone already shared the same read-only key and there is really no security concern here.
The reply I received was identical to that of Christopher's.
That's especially the case if anyone can simply gain access to that key by registering on the Open Data portal, or access the files via RDM (licensed under OGL3, which also allows redistribution!).
David
To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/CAJVD6bTs-YaSHazRtNZxUs-YpZDbUemAB0Me%3D2iP8%2B26fLN16g%40mail.gmail.com.
Lee Fortnam
Nov 26, 2025, 12:52:42 PM (3 days ago) Nov 26
to openrail...@googlegroups.com
That's bizarre, didn't get the reply Christopher sent but can clearly see it when viewing this thread online.
Does anyone have yesterdays file available as the last file we successfully picked up was at 2:40am on Monday 24th.
Kind Regards,
Lee
To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/CAGZsNihomh3185NS2geCu63uTcvw6XBDZuH-xRz7wSJX-n%2BRyw%40mail.gmail.com.
Peter Hicks
Nov 26, 2025, 1:22:31 PM (3 days ago) Nov 26
to openrail...@googlegroups.com
All,
On Wednesday, 26 November 2025 at 16:36, Christopher Riches <rich...@gmail.com> wrote:
By way of update on this I have received a message from CACI saying:"RDG who have advised that the key has been disabled as it was posted publicly on an open website.We are discussing this with RDG as they look at potential options for users to obtain a replacement key/secret to access the data."
I'll give some context here. Amazon regularly scan 'the Internet' and places such as GitHub for leaked S3 secret keys and invalidate them. This is partly a safety thing - a user may inadvertently publish their access key/secret in a GitHub repository allowing expensive activities on AWS such as creating expensive virtual machines and running cryptocurrency miners, or other problematic activities such as downloading anything from a bucket of material that shouldn't be public. It's a step up from somebody having very lax permissions on buckets.
When we were setting up NRDP back in the day, access to the Darwin XML timetable bucket was only available via IP whitelisting, or via an IAM token. We didn't have the ability to generate a unique key per user, hence using shared credentials for everyone. With hindsight, these should have been put behind an API call so they could be rotated easily at any time without anyone having to reconfigure clients - think something like an API call authenticated with your NRDP username/password, and you get the IAM credential returned.
If anyone is already signed up to RDM, I suggest downloading timetable and reference data from there - however I think there will be a lag between the data being advertised in a Push Port message and it appearing on the RDM service, which is clearly suboptimal. I am not in a position to republish the timetable and reference data files myself due to other paid work - trust me, if I were able to, I'd have pushed a workaround out much earlier today!
Peter
Message has been deleted
Peter Hicks
Nov 26, 2025, 4:54:58 PM (3 days ago) Nov 26
to openrail...@googlegroups.com
On Wednesday, 26 November 2025 at 21:52, ceri....@gmail.com <ceri....@gmail.com> wrote:
I don't know what the turnaround times at CACI are like, but as a stopgap measure, is it possible to provide a new, shared key, making it clear that it's days are numbered once a better provisioning mechanism is in place?
The keys are provisioned by RDG's supplier(s), and since NRDP is being sunsetted (retired) at some time in the not too distant future, I imagine all eyes will be on the RDM version of the Push Port feeds.
I am slightly time-limited, but I'll give some contacts at RDG a nudge to get the impact of this more widely understood.
Peter
Message has been deleted
Message has been deleted
Graeme Beton
Nov 27, 2025, 6:10:39 AM (2 days ago) Nov 27
to A gathering place for the Open Rail Data community
It looks as if you get the same shared access keys should you apply for a new feed account under a different email so there appears to be no way round it until they either re-emable the key/secret or issue new / individual ones!
On Thursday, 27 November 2025 at 09:45:07 UTC Dewstorm wrote:
I am experiencing the same issue reported by others: the shared access key for the S3 bucket is no longer working or appears to have been revoked. I need confirmation if a new temporary key is available or if there is an updated authentication process.
- Service: Darwin XML Timetable
- Access method: S3 bucket
- Problem: Shared key invalid / access denied
- Urgency: High, as the feed is required for ongoing integrations.
Could you please provide a new temporary access key or indicate the correct procedure to restore access?
Brandon Randle
Nov 27, 2025, 11:05:39 AM (2 days ago) Nov 27
to A gathering place for the Open Rail Data community
Just in case anybody hasn't checked their emails or missed it: looks like there's a new (presumably still shared) S3 key in the portal now
(Please obviously nobody post it here or it'll be revoked again!)
Lee Fortnam
Nov 27, 2025, 11:21:08 AM (2 days ago) Nov 27
to openrail...@googlegroups.com
If it ends '1qE' then yes it is shared still.
Working this end now.
--
You received this message because you are subscribed to the Google Groups "A gathering place for the Open Rail Data community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openraildata-t...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/3681a952-4e52-4c42-a5a9-84d32d927a19n%40googlegroups.com.
Evelyn Snow
Nov 27, 2025, 11:22:21 AM (2 days ago) Nov 27
to openrail...@googlegroups.com
Hi Lee,
Can confirm that it's indeed still shared
Evelyn
Can confirm that it's indeed still shared
Evelyn
Peter Hicks
Nov 27, 2025, 12:03:56 PM (2 days ago) Nov 27
to openrail...@googlegroups.com
On Thursday, 27 November 2025 at 16:22, Evelyn Snow <eve...@kanaya.dev> wrote:
> Can confirm that it's indeed still shared
Peter
Reply all
Reply to author
Forward
0 new messages