# Production best practices

Last validated May 23, 2025

[**Deployment checklist**](/docs/reference/deployment-checklist) — Your checklist to ensure a successful Tailscale deployment.

[**Key and secret management**](/docs/reference/key-secret-management) — Manage the various types of keys and secrets for your tailnet.

[**Scanning for exposed Tailscale secrets**](/docs/integrations/secret-scanning) — Find out how Tailscale partners scan for exposed Tailscale secrets and provide notifications to help prevent fraudulent access.

[**Admin account with passkey login**](/docs/reference/tailnet-passkey-admin) — Proactively set up an admin user that can log in to your tailnet with a passkey, to mitigate against a future SSO lockout.

[**Performance best practices**](/docs/reference/best-practices/performance) — Get the most performance out of your Tailscale deployment.

[**AWS reference architecture**](/docs/reference/reference-architectures/aws) — Deploy Tailscale to Amazon Web Services (AWS) with best practices, security, and production readiness in mind.

[**Azure reference architecture**](/docs/reference/reference-architectures/azure) — Deploy Tailscale to Microsoft Azure with best practices, security, and production readiness in mind.

[**Google Cloud Platform reference architecture**](/docs/reference/reference-architectures/gcp) — Deploy Tailscale to Google Cloud Platform (GCP) with best practices, security, and production readiness in mind.
