madtskey

v0.0.0-...-e0ec7b3
Warning

This package is not in the latest version of its module.

Published: Jul 3, 2023 License: BSD-3-Clause Imports: 11 Imported by: 0

README

madtskey

Use this module to generate an ephemeral, one-time-use auth key for your Tailscale devices.

Once generated, you can use this key to have new devices join your tailnet. We use this module as part of a larger Pulumi program when we want to have a cloud server provisioned by cloud-init and then join our tailnet.

To use it, first generate an OAuth Client from your Tailscale admin settings page.

Then create a .env file and copy the client ID, client secret and organization name into it as shown below. The organization name is generally the first item on the settings page; if you have an individual account, it is usually your email address:

OAUTH_CLIENT_ID=k123456CNTRL
OAUTH_CLIENT_SECRET=tskey-client-123456CNTRL-abcdefghijklmnopqrstuvwxyz
TAILNET=your_org_name

When using this automated approach, it is mandatory to set tags for these keys. You can add a tag by visiting the Access Controls page and adding it to the root of the ACL, e.g.:

// Define the tags which can be applied to devices and by which users.
	"tagOwners": {
		"tag:mad-ts-key": ["autogroup:admin"],
	},

Then you can call CreateAuthKey() to create your auth key. You have to specify how long the key should stay alive, in seconds, a description for the key, and the tags that you created on the ACL page:

key, err := madtskey.CreateAuthKey(300, "my test key", []string{"tag:mad-ts-key"})

We recommend keeping the expiry time very short, since you will want to use this in an automation framework.

Then read key.Key to get your key, which you can use when having new devices join your tailnet:

tailscale up --authkey=tskey-auth-k123456CNTRL-abcdefghijklmnopqrstuvwxyz
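
A check a caller could run on the returned value before passing key.Key to cloud-init, confirming the key is no broader than requested (one-time use, ephemeral, the expected tag, a short lifetime). This is an added example, not part of the madtskey module: checkKey and sampleKey are hypothetical names, the types are local copies of the ones documented on this page, and the sample response is constructed.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Local copies of the types documented on this page (TSResponse trimmed, JSON tags omitted).
type Create struct {
	Reusable, Ephemeral, Preauthorized bool
	Tags                               []string
}
type Devices struct{ Create Create }
type Capabilities struct{ Devices Devices }
type TSResponse struct {
	Key              string
	Created, Expires time.Time
	Capabilities     Capabilities
}

// checkKey (hypothetical helper) rejects a returned key that is broader than requested.
func checkKey(r *TSResponse, wantTag string, maxTTL time.Duration) error {
	c, ttl := r.Capabilities.Devices.Create, r.Expires.Sub(r.Created)
	switch {
	case !strings.HasPrefix(r.Key, "tskey-auth-"):
		return fmt.Errorf("not an auth key")
	case c.Reusable || !c.Ephemeral:
		return fmt.Errorf("key must be one-time use and ephemeral")
	case len(c.Tags) != 1 || c.Tags[0] != wantTag:
		return fmt.Errorf("unexpected tags %v", c.Tags)
	case ttl <= 0 || ttl > maxTTL:
		return fmt.Errorf("lifetime %s outside (0, %s]", ttl, maxTTL)
	}
	return nil
}

// sampleKey builds a constructed response; the key is the README's placeholder value.
func sampleKey(reusable bool, ttl time.Duration) *TSResponse {
	now := time.Date(2023, 7, 3, 12, 0, 0, 0, time.UTC)
	return &TSResponse{
		Key:          "tskey-auth-k123456CNTRL-abcdefghijklmnopqrstuvwxyz",
		Created:      now, Expires: now.Add(ttl),
		Capabilities: Capabilities{Devices{Create{reusable, true, false, []string{"tag:mad-ts-key"}}}},
	}
}

func main() {
	fmt.Println(checkKey(sampleKey(true, 5*time.Minute), "tag:mad-ts-key", 10*time.Minute))
}
```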

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Capabilities

type Capabilities struct {
	Devices Devices `json:"devices"`
}

type Create

type Create struct {
	Reusable      bool     `json:"reusable"`
	Ephemeral     bool     `json:"ephemeral"`
	Preauthorized bool     `json:"preauthorized"`
	Tags          []string `json:"tags"`
}

type Devices

type Devices struct {
	Create Create `json:"create"`
}

type Req

type Req struct {
	Capabilities  Capabilities `json:"capabilities"`
	ExpirySeconds int          `json:"expirySeconds"`
	Description   string       `json:"description"`
}

func (*Req) AsReader

func (r *Req) AsReader() io.Reader

type TSResponse

type TSResponse struct {
	Id           string       `json:"id"`
	Key          string       `json:"key"`
	Created      time.Time    `json:"created"`
	Expires      time.Time    `json:"expires"`
	Revoked      time.Time    `json:"revoked"`
	Capabilities Capabilities `json:"capabilities"`
	Description  string       `json:"description"`
}

func CreateAuthKey

func CreateAuthKey(expirySeconds int, description string, tags []string) (*TSResponse, error)

This function will create the API Key for use in joining new machines to the tailnet.
