
lbrlabs/tailscale-authkey-lambda-rotator


tailscale-authkey-lambda-rotator

An AWS Lambda function to rotate Tailscale auth keys stored in a secret store

Why?

Tailscale Auth Keys have an expiry date, after which they can't be used to add new clients to the tailnet.

The best practice with Tailscale is to create an OAuth client and use it to authenticate devices. You can use OAuth clients to directly authenticate devices, but then you have static credentials which can be used forever if they're exfiltrated.

The solution is to create an OAuth client, then use it to create an expiring auth key that authorizes new devices. If you follow that path, you can use this Lambda to periodically rotate your auth keys.
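The rotation flow described above, as an added Python example that is not this repository's code: it exchanges the OAuth client credentials for a short-lived API token, creates an expiring, tagged auth key through the Tailscale API v2 endpoints `/oauth/token` and `/tailnet/-/keys`, and passes the key to a secret-store writer. The names `rotate_auth_key`, `http_post` and the `store` callback, the 24-hour default expiry and the capability flags are assumptions made for the example.

```python
import json
import urllib.parse
import urllib.request

API = "https://api.tailscale.com/api/v2"

def http_post(url, data, headers):
    """POST bytes and return the parsed JSON response body."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def rotate_auth_key(client_id, client_secret, tags, store,
                    expiry_seconds=86400, post=http_post):
    """Mint an expiring auth key and hand it to store(); return only metadata."""
    # Auth keys created through an OAuth client must carry at least one tag.
    if not tags:
        raise ValueError("at least one tag is required")
    # 1. Exchange the static OAuth client credentials for a short-lived token.
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    token = post(f"{API}/oauth/token", form,
                 {"Content-Type": "application/x-www-form-urlencoded"})["access_token"]
    # 2. Create the auth key; expirySeconds bounds how long a leaked key is useful.
    body = {
        "capabilities": {"devices": {"create": {
            "reusable": True, "ephemeral": False,
            "preauthorized": False, "tags": list(tags)}}},
        "expirySeconds": expiry_seconds,  # assumed default: 24 hours
    }
    created = post(f"{API}/tailnet/-/keys", json.dumps(body).encode(),
                   {"Authorization": f"Bearer {token}",
                    "Content-Type": "application/json"})
    # 3. Write the new key to the secret store. store is a hypothetical callback;
    #    in Lambda it could wrap boto3's secretsmanager put_secret_value.
    store(created["key"])
    # Return (and log) only non-secret metadata, never the key itself.
    return {"id": created["id"], "expires": created.get("expires")}
```

Schedule the function at an interval shorter than `expiry_seconds` so the secret store always holds a key that is still valid.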
