Pre-authentication keys (“auth keys” for short) let you register new nodes without needing to sign in via a web browser. This is most useful when spinning up containers, IoT devices, or using infrastructure-as-code systems like Terraform.
Step 1: Generate an auth key
As a network admin, visit the auth key page. You can choose between three types:
- One-off Keys for one-time use.
- Reusable Keys for multiple uses.
- Ephemeral Keys for authenticating ephemeral nodes for cloud function services and short-lived devices.
This page also gives you the ability to revoke existing keys.
Step 2: Register a node with the auth key
When you register a node, use the
--authkey option to supply the key and
bypass interactive login:
sudo tailscale up --authkey tskey-abcdef1432341818
Optional: Revoking a key / node
To revoke a key, visit the same auth key page, locate the key in the table at the bottom, and press “revoke.”
Any nodes authorized with the key will stay authorized, even after the key is revoked. To de-authorize the node, delete it from the machines admin page.