Manage Tailscale resources using Terraform

Terraform is an infrastructure as code tool that allows you to deploy infrastructure programmatically.

The Tailscale Terraform provider is maintained and published in the Terraform registry by Tailscale.

Features

Use the Terraform provider for Tailscale to:

Define your tailnet policy file, using the tailscale_acl resource
Set DNS settings, including:
- global nameservers, using the tailscale_dns_nameservers resource
- restricted nameservers for split DNS, using the tailscale_dns_search_paths resource
- enabling or disabling MagicDNS, using the tailscale_dns_preferences resource
Generate an auth key, including setting whether it’s reusable, ephemeral, pre-authorized, and tagged, using the tailscale_key resource
Manage properties of a device, including:
- approving the device, using the tailscale_device_authorization resource
- disabling key expiry, using the tailscale_device_key resource
- setting tags, using the tailscale_device_tags resource
- advertising subnet routes, using the tailscale_device_subnet_routes resource

To use Terraform with Tailscale, configure the Tailscale Terraform provider with an API access token for Tailscale, and with the name of your tailnet. These can be configured either as part of your Terraform configuration, or as environment variables in Terraform.

It is not recommended to store sensitive information such as an API access token in source control. Instead, use an environment variable.

terraform {
  required_providers {
    tailscale = {
      source = "tailscale/tailscale"
      version = "<version>"
    }
  }
}

provider "tailscale" {
  // Not recommended to store API access tokens in source control
  // Instead, store this as an environment variable TAILSCALE_API_KEY
  api_key = "tskey-1234567CNTRL-abcdefghijklmnopqrstu"
  tailnet = "example.com"
}

Environment variables

Instead of specifying Tailscale provider information in your Terraform configuration file, you can store this information as environment variables in Terraform:

TAILSCALE_API_KEY for the Tailscale API access token
TAILSCALE_TAILNET for the tailnet name

Migrating from the community-contributed Terraform provider

If you previously used the community-contributed Terraform provider, and now want to use the provider managed and published by Tailscale, update the source argument in your Terraform configuration. That is, update source = "davidsbond/tailscale" to source = "tailscale/tailscale".

Special thanks

Special thanks to David Bond, who contributed and maintained the original community-contributed Tailscale Terraform provider. Tailscale now maintains and publishes this provider.

Support

The Tailscale Terraform provider is maintained and published in the Terraform registry by Tailscale. If you have an issue or feature request, contact support or file a GitHub issue.