new | show | ask | jobs Github

tecleandor 3 hours ago

You can manually disable key expiration for hosts in Tailscale, and I think you can do it with tags too...

https://tailscale.com/kb/1028/key-expiry#disabling-key-expir...

▲

katdork 3 hours ago | parent [-]

The word "auth keys" meant nothing to you, I guess: https://tailscale.com/kb/1085/auth-keys

▲

matthewmacleod 3 hours ago | parent [-]

What would be your use-case for auth keys with long expiry times? Auth keys are only required for registering new nodes.

▲

stingraycharles 2 hours ago | parent [-]

When managing your infrastructure as code, it’s quite common to deploy new instances for upgrades etc. Having these keys expire after 3 months is a big pain. Eg doing a routine update by rebuilding an AMI.

I don’t understand how they can have such a strategy, and then not having any decent way to programmatically allocate new keys.

	▲	matthewmacleod an hour ago \| parent [-]
		Yeah, that's a common workflow. It's easy to programatically allocate those keys using the OAuth workflow though – there's even a CLI utility to do it (https://tailscale.com/kb/1215/oauth-clients#get-authkey-util...) This can all be automated using e.g. the Terraform Tailscale provider, which takes the OAuth id/secret and can then issue keys as needed for the infrastructure you are deploying.