Docs Home
Tailscale v0.19.0 published on Thursday, Apr 10, 2025 by Pulumi
tailscale.TailnetKey
Explore with Pulumi AI
The tailnet_key resource allows you to create pre-authentication keys that can register new nodes without needing to sign in via a web browser. See https://tailscale.com/kb/1085/auth-keys for more information
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as tailscale from "@pulumi/tailscale";
const sampleKey = new tailscale.TailnetKey("sample_key", {
reusable: true,
ephemeral: false,
preauthorized: true,
expiry: 3600,
description: "Sample key",
});
import pulumi
import pulumi_tailscale as tailscale
sample_key = tailscale.TailnetKey("sample_key",
reusable=True,
ephemeral=False,
preauthorized=True,
expiry=3600,
description="Sample key")
package main
import (
"github.com/pulumi/pulumi-tailscale/sdk/go/tailscale"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tailscale.NewTailnetKey(ctx, "sample_key", &tailscale.TailnetKeyArgs{
Reusable: pulumi.Bool(true),
Ephemeral: pulumi.Bool(false),
Preauthorized: pulumi.Bool(true),
Expiry: pulumi.Int(3600),
Description: pulumi.String("Sample key"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tailscale = Pulumi.Tailscale;
return await Deployment.RunAsync(() =>
{
var sampleKey = new Tailscale.TailnetKey("sample_key", new()
{
Reusable = true,
Ephemeral = false,
Preauthorized = true,
Expiry = 3600,
Description = "Sample key",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tailscale.TailnetKey;
import com.pulumi.tailscale.TailnetKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var sampleKey = new TailnetKey("sampleKey", TailnetKeyArgs.builder()
.reusable(true)
.ephemeral(false)
.preauthorized(true)
.expiry(3600)
.description("Sample key")
.build());
}
}
resources:
sampleKey:
type: tailscale:TailnetKey
name: sample_key
properties:
reusable: true
ephemeral: false
preauthorized: true
expiry: 3600
description: Sample key
Create TailnetKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TailnetKey(name: string, args?: TailnetKeyArgs, opts?: CustomResourceOptions);@overload
def TailnetKey(resource_name: str,
args: Optional[TailnetKeyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def TailnetKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
ephemeral: Optional[bool] = None,
expiry: Optional[int] = None,
preauthorized: Optional[bool] = None,
recreate_if_invalid: Optional[str] = None,
reusable: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
user_id: Optional[str] = None)func NewTailnetKey(ctx *Context, name string, args *TailnetKeyArgs, opts ...ResourceOption) (*TailnetKey, error)public TailnetKey(string name, TailnetKeyArgs? args = null, CustomResourceOptions? opts = null)
public TailnetKey(String name, TailnetKeyArgs args)
public TailnetKey(String name, TailnetKeyArgs args, CustomResourceOptions options)
type: tailscale:TailnetKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TailnetKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TailnetKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TailnetKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TailnetKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TailnetKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tailnetKeyResource = new Tailscale.TailnetKey("tailnetKeyResource", new()
{
Description = "string",
Ephemeral = false,
Expiry = 0,
Preauthorized = false,
RecreateIfInvalid = "string",
Reusable = false,
Tags = new[]
{
"string",
},
UserId = "string",
});
example, err := tailscale.NewTailnetKey(ctx, "tailnetKeyResource", &tailscale.TailnetKeyArgs{
Description: pulumi.String("string"),
Ephemeral: pulumi.Bool(false),
Expiry: pulumi.Int(0),
Preauthorized: pulumi.Bool(false),
RecreateIfInvalid: pulumi.String("string"),
Reusable: pulumi.Bool(false),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
UserId: pulumi.String("string"),
})
var tailnetKeyResource = new TailnetKey("tailnetKeyResource", TailnetKeyArgs.builder()
.description("string")
.ephemeral(false)
.expiry(0)
.preauthorized(false)
.recreateIfInvalid("string")
.reusable(false)
.tags("string")
.userId("string")
.build());
tailnet_key_resource = tailscale.TailnetKey("tailnetKeyResource",
description="string",
ephemeral=False,
expiry=0,
preauthorized=False,
recreate_if_invalid="string",
reusable=False,
tags=["string"],
user_id="string")
const tailnetKeyResource = new tailscale.TailnetKey("tailnetKeyResource", {
description: "string",
ephemeral: false,
expiry: 0,
preauthorized: false,
recreateIfInvalid: "string",
reusable: false,
tags: ["string"],
userId: "string",
});
type: tailscale:TailnetKey
properties:
description: string
ephemeral: false
expiry: 0
preauthorized: false
recreateIfInvalid: string
reusable: false
tags:
- string
userId: string
TailnetKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TailnetKey resource accepts the following input properties:
- Description string
- A description of the key consisting of alphanumeric characters. Defaults to
"". - Ephemeral bool
- Indicates if the key is ephemeral. Defaults to
false. - Expiry int
- The expiry of the key in seconds. Defaults to
7776000(90 days). - bool
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - Recreate
If stringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- Reusable bool
- Indicates if the key is reusable or single-use. Defaults to
false. - List<string>
- List of tags to apply to the machines authenticated by the key.
- User
Id string - ID of the user who created this key, empty for keys created by OAuth clients.
- Description string
- A description of the key consisting of alphanumeric characters. Defaults to
"". - Ephemeral bool
- Indicates if the key is ephemeral. Defaults to
false. - Expiry int
- The expiry of the key in seconds. Defaults to
7776000(90 days). - bool
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - Recreate
If stringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- Reusable bool
- Indicates if the key is reusable or single-use. Defaults to
false. - []string
- List of tags to apply to the machines authenticated by the key.
- User
Id string - ID of the user who created this key, empty for keys created by OAuth clients.
- description String
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral Boolean
- Indicates if the key is ephemeral. Defaults to
false. - expiry Integer
- The expiry of the key in seconds. Defaults to
7776000(90 days). - Boolean
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate
If StringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable Boolean
- Indicates if the key is reusable or single-use. Defaults to
false. - List<String>
- List of tags to apply to the machines authenticated by the key.
- user
Id String - ID of the user who created this key, empty for keys created by OAuth clients.
- description string
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral boolean
- Indicates if the key is ephemeral. Defaults to
false. - expiry number
- The expiry of the key in seconds. Defaults to
7776000(90 days). - boolean
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate
If stringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable boolean
- Indicates if the key is reusable or single-use. Defaults to
false. - string[]
- List of tags to apply to the machines authenticated by the key.
- user
Id string - ID of the user who created this key, empty for keys created by OAuth clients.
- description str
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral bool
- Indicates if the key is ephemeral. Defaults to
false. - expiry int
- The expiry of the key in seconds. Defaults to
7776000(90 days). - bool
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate_
if_ strinvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable bool
- Indicates if the key is reusable or single-use. Defaults to
false. - Sequence[str]
- List of tags to apply to the machines authenticated by the key.
- user_
id str - ID of the user who created this key, empty for keys created by OAuth clients.
- description String
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral Boolean
- Indicates if the key is ephemeral. Defaults to
false. - expiry Number
- The expiry of the key in seconds. Defaults to
7776000(90 days). - Boolean
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate
If StringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable Boolean
- Indicates if the key is reusable or single-use. Defaults to
false. - List<String>
- List of tags to apply to the machines authenticated by the key.
- user
Id String - ID of the user who created this key, empty for keys created by OAuth clients.
Outputs
All input properties are implicitly available as output properties. Additionally, the TailnetKey resource produces the following output properties:
- Created
At string - The creation timestamp of the key in RFC3339 format
- Expires
At string - The expiry timestamp of the key in RFC3339 format
- Id string
- The provider-assigned unique ID for this managed resource.
- Invalid bool
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- Key string
- The authentication key
- Created
At string - The creation timestamp of the key in RFC3339 format
- Expires
At string - The expiry timestamp of the key in RFC3339 format
- Id string
- The provider-assigned unique ID for this managed resource.
- Invalid bool
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- Key string
- The authentication key
- created
At String - The creation timestamp of the key in RFC3339 format
- expires
At String - The expiry timestamp of the key in RFC3339 format
- id String
- The provider-assigned unique ID for this managed resource.
- invalid Boolean
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key String
- The authentication key
- created
At string - The creation timestamp of the key in RFC3339 format
- expires
At string - The expiry timestamp of the key in RFC3339 format
- id string
- The provider-assigned unique ID for this managed resource.
- invalid boolean
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key string
- The authentication key
- created_
at str - The creation timestamp of the key in RFC3339 format
- expires_
at str - The expiry timestamp of the key in RFC3339 format
- id str
- The provider-assigned unique ID for this managed resource.
- invalid bool
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key str
- The authentication key
- created
At String - The creation timestamp of the key in RFC3339 format
- expires
At String - The expiry timestamp of the key in RFC3339 format
- id String
- The provider-assigned unique ID for this managed resource.
- invalid Boolean
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key String
- The authentication key
Look up Existing TailnetKey Resource
Get an existing TailnetKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TailnetKeyState, opts?: CustomResourceOptions): TailnetKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_at: Optional[str] = None,
description: Optional[str] = None,
ephemeral: Optional[bool] = None,
expires_at: Optional[str] = None,
expiry: Optional[int] = None,
invalid: Optional[bool] = None,
key: Optional[str] = None,
preauthorized: Optional[bool] = None,
recreate_if_invalid: Optional[str] = None,
reusable: Optional[bool] = None,
tags: Optional[Sequence[str]] = None,
user_id: Optional[str] = None) -> TailnetKeyfunc GetTailnetKey(ctx *Context, name string, id IDInput, state *TailnetKeyState, opts ...ResourceOption) (*TailnetKey, error)public static TailnetKey Get(string name, Input<string> id, TailnetKeyState? state, CustomResourceOptions? opts = null)public static TailnetKey get(String name, Output<String> id, TailnetKeyState state, CustomResourceOptions options)resources: _: type: tailscale:TailnetKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
At string - The creation timestamp of the key in RFC3339 format
- Description string
- A description of the key consisting of alphanumeric characters. Defaults to
"". - Ephemeral bool
- Indicates if the key is ephemeral. Defaults to
false. - Expires
At string - The expiry timestamp of the key in RFC3339 format
- Expiry int
- The expiry of the key in seconds. Defaults to
7776000(90 days). - Invalid bool
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- Key string
- The authentication key
- bool
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - Recreate
If stringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- Reusable bool
- Indicates if the key is reusable or single-use. Defaults to
false. - List<string>
- List of tags to apply to the machines authenticated by the key.
- User
Id string - ID of the user who created this key, empty for keys created by OAuth clients.
- Created
At string - The creation timestamp of the key in RFC3339 format
- Description string
- A description of the key consisting of alphanumeric characters. Defaults to
"". - Ephemeral bool
- Indicates if the key is ephemeral. Defaults to
false. - Expires
At string - The expiry timestamp of the key in RFC3339 format
- Expiry int
- The expiry of the key in seconds. Defaults to
7776000(90 days). - Invalid bool
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- Key string
- The authentication key
- bool
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - Recreate
If stringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- Reusable bool
- Indicates if the key is reusable or single-use. Defaults to
false. - []string
- List of tags to apply to the machines authenticated by the key.
- User
Id string - ID of the user who created this key, empty for keys created by OAuth clients.
- created
At String - The creation timestamp of the key in RFC3339 format
- description String
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral Boolean
- Indicates if the key is ephemeral. Defaults to
false. - expires
At String - The expiry timestamp of the key in RFC3339 format
- expiry Integer
- The expiry of the key in seconds. Defaults to
7776000(90 days). - invalid Boolean
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key String
- The authentication key
- Boolean
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate
If StringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable Boolean
- Indicates if the key is reusable or single-use. Defaults to
false. - List<String>
- List of tags to apply to the machines authenticated by the key.
- user
Id String - ID of the user who created this key, empty for keys created by OAuth clients.
- created
At string - The creation timestamp of the key in RFC3339 format
- description string
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral boolean
- Indicates if the key is ephemeral. Defaults to
false. - expires
At string - The expiry timestamp of the key in RFC3339 format
- expiry number
- The expiry of the key in seconds. Defaults to
7776000(90 days). - invalid boolean
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key string
- The authentication key
- boolean
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate
If stringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable boolean
- Indicates if the key is reusable or single-use. Defaults to
false. - string[]
- List of tags to apply to the machines authenticated by the key.
- user
Id string - ID of the user who created this key, empty for keys created by OAuth clients.
- created_
at str - The creation timestamp of the key in RFC3339 format
- description str
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral bool
- Indicates if the key is ephemeral. Defaults to
false. - expires_
at str - The expiry timestamp of the key in RFC3339 format
- expiry int
- The expiry of the key in seconds. Defaults to
7776000(90 days). - invalid bool
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key str
- The authentication key
- bool
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate_
if_ strinvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable bool
- Indicates if the key is reusable or single-use. Defaults to
false. - Sequence[str]
- List of tags to apply to the machines authenticated by the key.
- user_
id str - ID of the user who created this key, empty for keys created by OAuth clients.
- created
At String - The creation timestamp of the key in RFC3339 format
- description String
- A description of the key consisting of alphanumeric characters. Defaults to
"". - ephemeral Boolean
- Indicates if the key is ephemeral. Defaults to
false. - expires
At String - The expiry timestamp of the key in RFC3339 format
- expiry Number
- The expiry of the key in seconds. Defaults to
7776000(90 days). - invalid Boolean
- Indicates whether the key is invalid (e.g. expired, revoked or has been deleted).
- key String
- The authentication key
- Boolean
- Determines whether or not the machines authenticated by the key will be authorized for the tailnet by default. Defaults to
false. - recreate
If StringInvalid - Determines whether the key should be created again if it becomes invalid. By default, reusable keys will be recreated, but single-use keys will not. Possible values: 'always', 'never'.
- reusable Boolean
- Indicates if the key is reusable or single-use. Defaults to
false. - List<String>
- List of tags to apply to the machines authenticated by the key.
- user
Id String - ID of the user who created this key, empty for keys created by OAuth clients.
Import
Tailnet key can be imported using the key id, e.g.,
$ pulumi import tailscale:index/tailnetKey:TailnetKey sample_key 123456789
-> ** Note ** the key attribute will not be populated on import as this attribute is only populated
on resource creation.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- tailscale pulumi/pulumi-tailscale
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
tailscaleTerraform Provider.