Manage Tailscale resources using Terraform
Terraform is an infrastructure as code tool that allows you to deploy infrastructure programmatically.
The Tailscale Terraform provider is maintained and published in the Terraform registry by Tailscale.
Features
Use the Terraform provider for Tailscale to:
- Define your tailnet policy file, using the tailscale_acl resource
- Set DNS settings, including:
  - global nameservers, using the tailscale_dns_nameservers resource
  - restricted nameservers for split DNS, using the tailscale_dns_search_paths resource
  - enabling or disabling MagicDNS, using the tailscale_dns_preferences resource
- Generate an auth key, including setting whether it’s reusable, ephemeral, pre-authorized, and tagged, using the tailscale_key resource
- Manage properties of a device, including:
  - approving the device, using the tailscale_device_authorization resource
  - disabling key expiry, using the tailscale_device_key resource
  - setting tags, using the tailscale_device_tags resource
  - advertising subnet routes, using the tailscale_device_subnet_routes resource
Installation steps
To use Terraform with Tailscale, configure the Tailscale Terraform provider with an API access token for Tailscale, and with the name of your tailnet. These can be configured either as part of your Terraform configuration, or as environment variables in Terraform.
terraform {
  required_providers {
    tailscale = {
      source  = "tailscale/tailscale"
      version = "<version>"
    }
  }
}

provider "tailscale" {
  // Not recommended to store API access tokens in source control
  // Instead, store this as an environment variable TAILSCALE_API_KEY
  api_key = "tskey-1234567CNTRL-abcdefghijklmnopqrstu"
  tailnet = "example.com"
}
Environment variables
Instead of specifying Tailscale provider information in your Terraform configuration file, you can store this information as environment variables in Terraform:
- TAILSCALE_API_KEY for the Tailscale API access token
- TAILSCALE_TAILNET for the tailnet name
Migrating from the community-contributed Terraform provider
If you previously used the community-contributed Terraform provider, and now want to use the provider managed and published by Tailscale, update the source argument in your Terraform configuration. That is, update source = "davidsbond/tailscale" to source = "tailscale/tailscale".
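As an added example (not part of Tailscale's documentation or provider code), the following Python check scans Terraform text for a hard-coded api_key, which the provider block's comment advises against, and for the legacy davidsbond/tailscale source named in this section. The tskey- pattern, the rule names, and the sample input are assumptions constructed for illustration; block comments (/* */) are not handled.

```python
import re

# Constructed sample (not a real config); it reuses the page's placeholder token.
SAMPLE_TF = '''
terraform {
  required_providers {
    tailscale = {
      source = "davidsbond/tailscale"
    }
  }
}

provider "tailscale" {
  api_key = "tskey-1234567CNTRL-abcdefghijklmnopqrstu"
  tailnet = "example.com"
}
'''

API_KEY_LITERAL = re.compile(r'^\s*api_key\s*=\s*"([^"]*)"')
LEGACY_SOURCE = re.compile(r'^\s*source\s*=\s*"davidsbond/tailscale"')
TOKEN = re.compile(r'tskey-[A-Za-z0-9-]+')  # assumed prefix, as in the page's placeholder

def strip_comment(line):
    """Remove a trailing // or # comment, ignoring those inside quoted strings."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_str = not in_str
        elif not in_str and (ch == "#" or line.startswith("//", i)):
            return line[:i]
    return line

def scan(text, filename="main.tf"):
    """Return (file, line number, rule) tuples; the secret itself is never echoed."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        m = API_KEY_LITERAL.match(line)
        if m and "${" not in m.group(1):  # an interpolated reference is not a literal secret
            findings.append((filename, n, "hardcoded-api-key"))
        elif TOKEN.search(line):
            findings.append((filename, n, "token-literal"))
        if LEGACY_SOURCE.match(line):
            findings.append((filename, n, "legacy-provider-source"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_TF):
        print("%s:%d: %s" % finding)
```

Run as a pre-commit or CI step over each .tf file and fail the job when scan returns any finding.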
Special thanks
Special thanks to David Bond, who contributed and maintained the original community-contributed Tailscale Terraform provider. Tailscale now maintains and publishes this provider.
Support
The Tailscale Terraform provider is maintained and published in the Terraform registry by Tailscale. If you have an issue or feature request, contact support or file a GitHub issue.