turbot/tailscale_compliance

Control: Customize node key expiration

Description

Require users to rotate keys by re-authenticating their devices to the network regularly. Devices connect to your tailnet using a public key which expires automatically after a period of time, forcing keys to rotate.

Usage

Run the control in your terminal:

steampipe check tailscale_compliance.control.security_best_practices_device_node_key_expire

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share tailscale_compliance.control.security_best_practices_device_node_key_expire

Plugins & Tables

SQL

select
  id as resource,
  case
    when key_expiry_disabled then 'alarm'
    else 'ok'
  end as status,
  case
    when key_expiry_disabled then name || ' key expiration disabled.'
    else name || ' key expiration enabled.'
  end as reason,
  tailnet_name
from
  tailscale_device;
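
Added example, not part of the tailscale_compliance mod: a SQL `case when key_expiry_disabled` branch is not taken for NULL, so a row with no value in that column would fall through to 'ok' in the query above. The variant below reports such rows as 'error' instead. The sample_device CTE and its rows are constructed stand-ins for tailscale_device, and whether the plugin ever returns NULL for this column is an assumption.

```sql
-- Added example: stricter form of the control query that does not
-- treat an unknown key expiry state as compliant.
-- sample_device holds constructed rows standing in for tailscale_device,
-- so the statement runs in plain PostgreSQL without the plugin.
with sample_device (id, name, key_expiry_disabled, tailnet_name) as (
  values
    ('1001', 'laptop.example.ts.net',    false,         'example.com'),
    ('1002', 'ci-runner.example.ts.net', true,          'example.com'),
    ('1003', 'kiosk.example.ts.net',     null::boolean, 'example.com')
)
select
  id as resource,
  case
    -- NULL is checked first: "when key_expiry_disabled" alone is not
    -- satisfied by NULL and would drop this row into the 'ok' branch.
    when key_expiry_disabled is null then 'error'
    when key_expiry_disabled then 'alarm'
    else 'ok'
  end as status,
  case
    when key_expiry_disabled is null then name || ' key expiration state unknown.'
    when key_expiry_disabled then name || ' key expiration disabled.'
    else name || ' key expiration enabled.'
  end as reason,
  tailnet_name
from
  sample_device
order by
  status,
  name;
```

To run it against live data, drop the CTE and select from tailscale_device instead of sample_device.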