announcement

Introducing the Tailscale Source Plugin

Aleksandr Shcherbakov

Aleksandr Shcherbakov Dec 15, 2022

Tailscale provides zero-config VPN software and a web-based management service. To learn more about Tailscale visit their homepage.
CloudQuery now supports pulling ACL, Device and DNS resources from Tailscale using Tailscale API.
Take a look at our Configuration section to configure required credentials for the plugin.
Below are some query examples to get you started.

Detect unauthorized devices

If you have added some devices but haven't authorized them you will not be able to connect them to your tailnet. It's best practice to keep your inventory clean, as Tailscale limits the amount of devices. Here's a query to check for unauthorized devices:
select dev.id, dev.user
from tailscale_devices as dev
where not dev.authorized
order by id;
This query would output a table of device IDs and corresponding users for unauthorized devices:
id         |       user
-------------------+------------------
 12345678901234567 | user@example.com
(1 row)
You can now put this in a dashboard or set up an alert on it.

Make sure all your devices have enabled key expiry

To keep your infrastructure secure it's best practice to make device keys expire. Here's a query to check for devices that have disabled key expiry.
select dev.id, dev.user
from tailscale_devices as dev
where dev.key_expiry_disabled
order by id;
This query would output a table of device IDs and corresponding users for devices that have key expiry disabled:
id         |       user
-------------------+------------------
 12345678901234567 | user@example.com
(1 row)

What's next

We are going to continue expanding the Tailscale source plugin, adding support for more resources. Interested in seeing another plugin? Check out Creating a New Plugin and/or open an issue on our GitHub.
Subscribe to product updates

Be the first to know about new features.