markpash / tailscale-sidecar

A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.
MIT License

Suggest tailscale ephemeral authkeys instead of URL-based login #1

Closed apenwarr closed 2 years ago

apenwarr commented 3 years ago

Cool project!

I see the instructions suggest setting a LOGIN environment variable to emit an authkey so you can do a login process the first time, then removing it after that. Instead, you might want to try ephemeral keys: https://tailscale.com/kb/1111/ephemeral-nodes/ which are often better when spinning up connections programmatically.

Hope that helps!

markpash commented 3 years ago

> Cool project!

Thanks! Awesome service you all offer!

> I see the instructions suggest setting a LOGIN environment variable to emit an authkey so you can do a login process the first time, then removing it after that. Instead, you might want to try ephemeral keys: https://tailscale.com/kb/1111/ephemeral-nodes/ which are often better when spinning up connections programmatically.

Great, but I'm curious how I can use that as this project uses tailscale as a library, so how would I provide the key to it? Is there a special env var I can set with the key which will authenticate the instance?

markpash commented 3 years ago

I see authkey support was added as part of tsnet in here: https://github.com/tailscale/tailscale/pull/2613

I'll keep this issue open until I get around to updating the deps and docs to reflect this new ability.

markpash commented 2 years ago

> I see authkey support was added as part of tsnet in here tailscale/tailscale#2613 I'll keep this issue open until I get around to updating the deps and docs to reflect this new ability.

This is now done :)