Tailscale OAuth Key

Description

General

• Documentation: https://tailscale.com/kb/1215/oauth-clients/
• Summary: Tailscale is a zero-configuration virtual private network (VPN) solution, making it simple to create secure networks between computers, servers, and cloud instances. Tailscale supports an API to let customers automate various aspects of their network. The Oauth key allows the customer to authenticate to use this API, but unlike API keys the OAuth clients allow fine-grained control on the access granted to the clients using scopes.
• IPs allowlist: IP allowlists (or Block lists) are possible, see Tailscale IP Block lists.
• Scopes: This key grants access to applications in the tailnet using the Tailscale API.

Revoke the secret

The Oauth clients can be revoked in the Oauth page.

Check for suspicious activity

Keys and secrets activity can be monitored in the Logs page of the Tailscale admin consoles.

Details for Tailscale oauth key

• Family: Api

• Category: Remote access

• Company: Tailscale

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.02

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - tskey-client-

Examples

- text: "+TAILSCALE_CLIENT_KEY = 'tskey-client-bcSWBhEIi3B0-6zePybp9BncO6mwnVtWpj6qoIeLFgrYc'"
  apikey: tskey-client-bcSWBhEIi3B0-6zePybp9BncO6mwnVtWpj6qoIeLFgrYc

# Fat-fingered secret
- text: Xtskey-client-bcSWBhEIi3B0-6zePybp9BncO6mwnVtWpj6qoIeLFgrYc
  apikey: tskey-client-bcSWBhEIi3B0-6zePybp9BncO6mwnVtWpj6qoIeLFgrYc