Secure node state storage
Tailscale node state contains node keys and other sensitive data necessary for identifying the device to your Tailscale network (known as a tailnet) and for encrypting and decrypting traffic to other devices on the tailnet. This document covers how Tailscale encrypts the node state and how to opt out.
Why it matters
Secure node state storage can help protect against a malicious actor copying node state from one device to another, effectively cloning the node. By using platform-specific capabilities, Tailscale ensures node state encrypts at rest, making theft from disk and node cloning more difficult.
Platform support
Secure node state storage implementations vary by platform and Tailscale client version.
| Platform | Implementation | Version support |
|---|---|---|
| Android | EncryptedSharedPreferences | All versions |
| Linux | Trusted Platform Module (TPM) | Tailscale v1.86 and later |
| macOS/iOS/tvOS from Mac App Store | Keychain | All versions |
| macOS standalone | Keychain | Tailscale v1.86 and later |
| Windows | TPM | Tailscale v1.86 and later |
Prerequisites
- Refer to platform support for the minimum required Tailscale version for your client platforms.
- On Linux and Windows, your device must have a functioning TPM 2.0 device.
Configure secure node state storage
Configuration of node state storage differs by platform. With Tailscale 1.90.2 or later node state storage encrypts by default on all supported platforms.
Android
Secure node state storage encrypts by default and does not require extra configuration.
Linux
Configure secure node state storage by passing the --encrypt-state flag to tailscaled. Apply the changes by restarting tailscaled.
macOS/iOS/tvOS (from Mac App Store)
Secure node state storage encrypts by default and does not require extra configuration.
macOS standalone
Configure secure node state storage by setting the EncryptState system policy. Apply the changes by restarting tailscaled. Refer to Deploy Tailscale on macOS using MDM for how to configure this on macOS.
Windows
Configure secure node state storage by setting the EncryptState system policy. Apply the changes by restarting tailscaled. Refer to Deploy Tailscale on Windows using MDM for how to configure this on Windows.
Disabling secure node state storage
On supported platforms, disabling secure node state storage will migrate encrypted state to the prior plaintext format.
Device posture attribute
Devices have a node:tsStateEncrypted device posture attribute indicating whether the Tailscale node state encrypts.
Recover from TPM failures
On Linux and Windows, the Tailscale client encrypts the node state file with a TPM device. To read or modify the state file, Tailscale has to decrypt it with the exact same TPM device.
In some uncommon situations the TPM device can get reset or disappear entirely, usually due to a bad firmware update or hardware failure. When this happens, Tailscale is unable to decrypt the state file, which causes the client to fail to start.
You can verify that this is the reason for Tailscale not running by looking for
errors containing failed to unseal state file in the client
logs.
If you are unable to determine why the TPM device is misbehaving and fix it, the only remaining solution is to reset the node state and register it again.
- Remove the old device from the admin console.
- Uninstall the client completely.
- Reinstall the client.
- Follow the usual login flow to register the node again.
Limitations
- If secure node state storage is explicitly enabled on a Linux or Windows device without TPM 2.0 support, Tailscale will fail to start. If not configured explicitly, node state will not be encrypted on devices without TPM 2.0 support, and Tailscale will run normally.
- Enabling secure node state storage can only be done using system policies or CLI flags, not through the graphical settings screen.