Hugging Face adopts zero trust networking to protect critical machine-learning tooling with Tailscale
Hugging Face’s mission is to democratize good machine learning, one commit at a time.
Founded in 2016, Hugging Face has quickly become one of the most popular open-source AI code repositories and currently hosts over 1 million public and private models. By providing developers access to pre-trained models and datasets, it helps accelerate the development of their AI-based applications. As of today, more than 1.5 million users and over 50,000 organizations are using Hugging Face.
Standardizing on a universal secure remote access solution
When Guillaume Legendre joined Hugging Face as a DevOps engineer, the company’s networking and access tool stack was inefficient. “People used the tools that worked for them. Many standalone tools were being used to access servers and other resources. This created a lot of overhead for my team to manage.” Facing continued company growth, the infrastructure team started looking for a better solution and concluded that they needed to standardize on a common secure remote access solution. “We needed a solution that was compatible with everything—all of our operating systems, development environments, and physical hardware such as Ubiquiti switches and cloud gateways. We also needed it to be built on zero trust principles. We have a lot of remote employees. They need the same level of access as those in the office to complete their work without compromising security,” said Legendre. After an extensive search, the team landed on Tailscale.
Streamlining management across complex networks
“One of my favorite things about Tailscale was how fast I could start building out our networks. I could spin up servers or databases using infrastructure-as-code (IaC). Provisioning resources manually can be very time-consuming, and the ability to fit into existing IaC workflows made deploying our network infrastructure easy,” shared Legendre. Additionally, Tailscale natively integrated with Hugging Face’s existing identity provider (IdP), Okta, which immediately strengthened its platform’s security posture. “To access the network, users have to sign in using SSO with MFA. Admins can automate the user lifecycle with Tailscale SCIM. It automatically provisions new users and de-provisions those leaving a team grouping or the organization, freeing the team from having to make these manual updates on a daily or weekly cadence and saving us tens of hours a month,” said Legendre. By pairing these tools with Tailscale’s access control lists (ACLs), Hugging Face can segment access to resources based on roles or groups to create a least-privilege access environment, where users can only access pre-authorized resources, not the entire network.
“Tailscale has been a fantastic partner to us. The product is easy to use and the UI is superb. It’s made enforcing zero trust across our networks incredibly simple. Now we can continue scaling without expanding our attack surface.”
Protecting CI/CD pipelines with ephemeral secrets
“When building products, we often think about how we can maximize openness and freedom for our community to help them accomplish their goals. We want to provide them with all the tools they need to be successful,” said Michelle Habonneau, Product Manager at Hugging Face. They had originally built on AWS and branched out to support other clouds like Google Cloud or Microsoft Azure to enable customers to use Hugging Face wherever their workloads or instances reside. The development teams can seamlessly move between clouds to access resources or update applications with Tailscale.
As the team looks towards the future, securing their CI/CD pipelines for application development is paramount. The Tailscale integration with GitHub Actions secures their development workflows without introducing friction. Developers can use Tailscale to provision ephemeral keys, which eliminates the need for long-lived credentials when developing applications across their heterogeneous environments and avoids increasing their attack surface. Habonneau: “Security is one of our top priorities and challenges. Tailscale has been a necessary step for us as we evolve and scale.”