Tailscale Source Plugin


This is a premium plugin that you can buy here.

The CloudQuery Tailscale plugin pulls configuration out of Tailscale resources and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).


In order to fetch information from Tailscale, cloudquery needs to be authenticated. The suggested way is to use an OAuth client (opens in a new tab). The previous way of using an API key (opens in a new tab) is also supported.


This example syncs from Tailscale to a Postgres destination, using OAuth authentication. The (top level) source spec section is described in the Source Spec Reference.

kind: source
# Common source-plugin configuration
  name: tailscale
  path: /path/to/downloaded/plugin # Buy from here:
  registry: local
  version: "PREMIUM"
  tables: ["*"]
  destinations: ["postgresql"]

  # plugin specific configuration
    client_id: "<YOUR_CLIENT_ID_HERE>"
    client_secret: ${CLIENT_SECRET_ENV_VARIABLE}
    tailnet: "<YOUR_TAILNET>"
    endpoint_url: "<YOUR_BASE_URL>"


This is the (nested) spec used by the Tailscale source plugin.

  • client_id (string, required): Client ID of the OAuth Client (opens in a new tab).

  • client_secret (string, required): Client secret of the OAuth Client (opens in a new tab) (Make sure to use environment variable expansion and not hard code the keys in the config YAML).

  • tailnet (string, required): This is your Tailscale tailnet name (also known as organization name).

  • api_key (string, optional): This way of authentication is not recommended. An API key to access Tailscale resources. This can be obtained from Tailscale Keys Settings Page (opens in a new tab).

  • endpoint_url (string, optional. Default: not used): Endpoint URL to make the API requests to.