Are you using this plugin?

[davidsbond]

Recently I've noticed this repo getting a lot of stars over the last week. I say a lot, by my standards it's a lot.

Just curious if you're using this plugin at home/work successfully, let me know!

[aelbarkani]

I'm planning to test it shortly then probably use it !

[dgivens]

I used it previously to get auth keys through the Vault pulumi provider, but found that they were getting revoked before the instances could start and switched to using the Tailscale provider. That said, I would like to start using it again once you get #65 done. I almost picked it up to see if I could help, but just don't have the time to spare. The expiring api keys are a bummer.

[kvizdos]

I used it previously to get auth keys through the Vault pulumi provider, but found that they were getting revoked before the instances could start and switched to using the Tailscale provider. That said, I would like to start using it again once you get #65 done. I almost picked it up to see if I could help, but just don't have the time to spare. The expiring api keys are a bummer.

Is the key expiring still an issue? If I’m reading correctly, we can tag the Hashicorp Vault Authkey, and that should disable expirations:
“Key expiry for a tagged device is disabled by default. If you change the tags on the device via the admin console, Tailscale CLI, or Tailscale API, the device’s key expiry will not change unless you are asked to re-authenticate. That is, if it is enabled, it stays enabled; and if it is disabled, it stays disabled. Once you re-authenticate, the device’s key expiry will be disabled.”

https://tailscale.com/kb/1085/auth-keys/

Anybody able to test this//confirm? I’m still relatively new to Tailscale, so I may not be reading it correctly. Thanks for the help!

[dgivens]

The issue isn't with the auth keys. It's that the API keys have a fixed expiry. They've added oauth client auth that can serve in place of API keys, but with scoped access.