Darwin XML Timetable S3 bucket

[David Wheatley]

Hi all,

It appears the (shared) open data access key for the Darwin XML Timetable S3 bucket has been deleted.

I've raised a ticket with CACI who are currently investigating.

David

[Christopher Riches]

Hi,

By way of update on this I have received a message from CACI saying:

"RDG who have advised that the key has been disabled as it was posted publicly on an open website.  

We are discussing this with RDG as they look at potential options for users to obtain a replacement key/secret to access the data."

Does anyone know where this timetable and reference data can be found elsewhere in same format? 

As far as I can tell the RDM solution with the file listings and possible automated downloads is not up to date and doesn't have todays file according to the file listing.

Thanks

[Lee Fortnam]

Hi David,

Have you had any response from CACI at this stage?

Kind Regards,

Lee

--
You received this message because you are subscribed to the Google Groups "A gathering place for the Open Rail Data community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openraildata-t...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/CAGZsNijE2QG6AZQboTbWsjsWomweNxVxDcmvtz9bxRH6EBSu_A%40mail.gmail.com.

[David Wheatley]

Hi Lee,

The reply I received was identical to that of Christopher's.

I responded to them, effectively pointing out that everyone already shared the same read-only key and there is really no security concern here.

That's especially the case if anyone can simply gain access to that key by registering on the Open Data portal, or access the files via RDM (licensed under OGL3, which also allows redistribution!).

David

To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/CAJVD6bTs-YaSHazRtNZxUs-YpZDbUemAB0Me%3D2iP8%2B26fLN16g%40mail.gmail.com.

[Lee Fortnam]

That's bizarre, didn't get the reply Christopher sent but can clearly see it when viewing this thread online.

Does anyone have yesterdays file available as the last file we successfully picked up was at 2:40am on Monday 24th.

Kind Regards,

Lee

To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/CAGZsNihomh3185NS2geCu63uTcvw6XBDZuH-xRz7wSJX-n%2BRyw%40mail.gmail.com.

[Peter Hicks]

All,

On Wednesday, 26 November 2025 at 16:36, Christopher Riches <rich...@gmail.com> wrote:

By way of update on this I have received a message from CACI saying:

"RDG who have advised that the key has been disabled as it was posted publicly on an open website.

We are discussing this with RDG as they look at potential options for users to obtain a replacement key/secret to access the data."

I'll give some context here.  Amazon regularly scan 'the Internet' and places such as GitHub for leaked S3 secret keys and invalidate them.  This is partly a safety thing - a user may inadvertently publish their access key/secret in a GitHub repository allowing expensive activities on AWS such as creating expensive virtual machines and running cryptocurrency miners, or other problematic activities such as downloading anything from a bucket of material that shouldn't be public.  It's a step up from somebody having very lax permissions on buckets.

When we were setting up NRDP back in the day, access to the Darwin XML timetable bucket was only available via IP whitelisting, or via an IAM token.  We didn't have the ability to generate a unique key per user, hence using shared credentials for everyone.  With hindsight, these should have been put behind an API call so they could be rotated easily at any time without anyone having to reconfigure clients - think something like an API call authenticated with your NRDP username/password, and you get the IAM credential returned.

If anyone is already signed up to RDM, I suggest downloading timetable and reference data from there - however I think there will be a lag between the data being advertised in a Push Port message and it appearing on the RDM service, which is clearly suboptimal.  I am not in a position to republish the timetable and reference data files myself due to other paid work - trust me, if I were able to, I'd have pushed a workaround out much earlier today!

Peter

[Peter Hicks]

On Wednesday, 26 November 2025 at 21:52, ceri....@gmail.com <ceri....@gmail.com> wrote:

I don't know what the turnaround times at CACI are like, but as a stopgap measure, is it possible to provide a new, shared key, making it clear that it's days are numbered once a better provisioning mechanism is in place?

The keys are provisioned by RDG's supplier(s), and since NRDP is being sunsetted (retired) at some time in the not too distant future, I imagine all eyes will be on the RDM version of the Push Port feeds.

I am slightly time-limited, but I'll give some contacts at RDG a nudge to get the impact of this more widely understood.

Peter

[Graeme Beton]

It looks as if you get the same shared access keys should you apply for a new feed account under a different email so there appears to be no way round it until they either re-emable the key/secret or issue new / individual ones!

On Thursday, 27 November 2025 at 09:45:07 UTC Dewstorm wrote:

I am experiencing the same issue reported by others: the shared access key for the S3 bucket is no longer working or appears to have been revoked. I need confirmation if a new temporary key is available or if there is an updated authentication process.

• Service: Darwin XML Timetable
• Access method: S3 bucket
• Problem: Shared key invalid / access denied
• Urgency: High, as the feed is required for ongoing integrations.

Could you please provide a new temporary access key or indicate the correct procedure to restore access?

[Brandon Randle]

Just in case anybody hasn't checked their emails or missed it:  looks like there's a new (presumably still shared) S3 key in the portal now

(Please obviously nobody post it here or it'll be revoked again!)

[Lee Fortnam]

If it ends '1qE' then yes it is shared still.

Working this end now.

--
You received this message because you are subscribed to the Google Groups "A gathering place for the Open Rail Data community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openraildata-t...@googlegroups.com.

To view this discussion, visit https://groups.google.com/d/msgid/openraildata-talk/3681a952-4e52-4c42-a5a9-84d32d927a19n%40googlegroups.com.

[Evelyn Snow]

Hi Lee,

Can confirm that it's indeed still shared

Evelyn

[Peter Hicks]

On Thursday, 27 November 2025 at 16:22, Evelyn Snow <eve...@kanaya.dev> wrote:

> Can confirm that it's indeed still shared

I've just had confirmation from RDG that the credentials have been updated :)


Peter

[Jez Smith]

Just referencing the comments above about this file being a day out of date on RDM, we are going to make a change to upload timing to overcome this.  A message will go out to subscribers, but as I know that there was some interest in this, I thought that it would be helpful to copy the notification below.

We’re updating the schedule for Darwin timetable file transfers. Currently, these files are made available around midnight, which means the data is one day behind. From 15th December 2025, the files will be transferred at approximately 3:00 AM UK time. This change means you will receive same-day data instead of the previous day’s. Please update any systems that consume these files to accommodate the new timing. If you have any questions, please contact our Support Team