Pre-authentication keys (“auth keys”) allow you to register new nodes without doing an interactive login. This is most useful when spinning up containers, IoT devices, or using infrastructure-as-code systems like Terraform.
Step 1: Generate an auth key
As a network admin, visit the auth key page. You can choose “One-off Key” for one-time use, or a “Reusable Key” for multiple uses. This page also gives you the ability to revoke existing keys.
Be very careful with multi-use keys! These can be very dangerous if stolen. They’re best kept in a key vault product specially designed for the purpose.
Step 2: Register a node with the auth key
When you register a node, use the
--authkey option to supply the key and
bypass interactive login:
sudo tailscale up --authkey tskey-abcdef1432341818
Optional: Revoking a key / node
To revoke a key, visit the same auth key page, locate the key in the table at the bottom, and press “revoke.”
Any nodes authorized with the key will stay authorized, even after the key is revoked. To de-authorize the node, delete it from the machines admin page