Tailscale Pre Auth Key

Description

General

• Documentation: https://tailscale.com/kb/1085/auth-keys/
• Summary: Tailscale is a zero-configuration virtual private network (VPN) solution, making it simple to create secure networks between computers, servers, and cloud instances. Pre-authentication keys (“auth keys” for short) allow the customer to register new nodes without needing to sign in via a web browser. This is most useful when spinning up containers, IoT devices, or using infrastructure-as-code systems like Terraform.
• IPs allowlist: IP allowlists (or Block lists) are possible, see Tailscale IP Block lists.
• Scopes: This key allows the customer to register new nodes to the VPN.

Revoke the secret

The API keys expire quickly. They can also be revoked in the Tailscale Keys page.

Check for suspicious activity

Keys and secrets activity can be monitored in the Logs page of the Tailscale admin consoles.

Details for Tailscale pre auth key

• Family: Api

• Category: Remote access

• Company: Tailscale

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 1.5

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - tskey-auth-

Examples

- text: "+TAILSCALE_PRE_AUTH_KEY = 'tskey-auth-P4OGD6D7uEN5-Fyspxt5GpFK50Y5ad1dBswPztUwbvsno0'"
  apikey: tskey-auth-P4OGD6D7uEN5-Fyspxt5GpFK50Y5ad1dBswPztUwbvsno0

# Fat-fingered secret
- text: Xtskey-auth-P4OGD6D7uEN5-Fyspxt5GpFK50Y5ad1dBswPztUwbvsno0
  apikey: tskey-auth-P4OGD6D7uEN5-Fyspxt5GpFK50Y5ad1dBswPztUwbvsno0